Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-3477

Опубликовано: 21 сент. 2010
Источник: nvd
CVSS2: 2.1
EPSS Низкий

Описание

The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия до 2.6.36 (исключая)
cpe:2.3:o:linux:linux_kernel:2.6.36:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.36:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.36:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.36:rc3:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*

EPSS

Процентиль: 25%
0.0008
Низкий

2.1 Low

CVSS2

Дефекты

CWE-399

Связанные уязвимости

ubuntu логотип

CVE-2010-3477

ubuntu
больше 14 лет назад

The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942.

redhat логотип

CVE-2010-3477

redhat
почти 15 лет назад

The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942.

debian логотип

CVE-2010-3477

debian
больше 14 лет назад

The tcf_act_police_dump function in net/sched/act_police.c in the acti ...

github логотип

GHSA-5jw7-x958-q6mf

github
около 3 лет назад

The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942.

oracle-oval логотип

ELSA-2010-2009

oracle-oval
больше 14 лет назад

ELSA-2010-2009: Oracle Linux 5 Unbreakable Enterprise kernel security fix update (IMPORTANT)

EPSS

Процентиль: 25%
0.0008
Низкий

2.1 Low

CVSS2

Дефекты

CWE-399