CVE-2010-4072

The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."
References
Link Resource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3af54c9bd9e6f14f896aac1bb0e8405ae0bc7a44
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html Mailing List Third Party Advisory
http://lkml.org/lkml/2010/10/6/454 Patch Third Party Advisory
http://secunia.com/advisories/42758 Third Party Advisory
http://secunia.com/advisories/42778 Third Party Advisory
http://secunia.com/advisories/42884 Third Party Advisory
http://secunia.com/advisories/42890 Third Party Advisory
http://secunia.com/advisories/42932 Third Party Advisory
http://secunia.com/advisories/42963 Third Party Advisory
http://secunia.com/advisories/43161 Third Party Advisory
http://secunia.com/advisories/43291 Third Party Advisory
http://secunia.com/advisories/46397 Third Party Advisory
http://www.debian.org/security/2010/dsa-2126 Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc1 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:029 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/10/07/1 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/10/25/3 Mailing List Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0958.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0007.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0017.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0162.html Third Party Advisory
http://www.securityfocus.com/archive/1/520102/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/45054 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1041-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-1057-1 Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2011-0012.html Third Party Advisory
http://www.vupen.com/english/advisories/2011/0012 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0070 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0124 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0168 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0280 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0298 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0375 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=648656 Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.37:-:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*

History

07 Nov 2023, 02:06

Type Values Removed Values Added
References
  • {'url': 'http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3af54c9bd9e6f14f896aac1bb0e8405ae0bc7a44', 'name': 'http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3af54c9bd9e6f14f896aac1bb0e8405ae0bc7a44', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'CONFIRM'}
  • () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3af54c9bd9e6f14f896aac1bb0e8405ae0bc7a44 -

Information

Published : 2010-11-29 16:00

Updated : 2024-02-28 11:41


NVD link : CVE-2010-4072

Mitre link : CVE-2010-4072

CVE.ORG link : CVE-2010-4072


JSON object : View

Products Affected

linux

  • linux_kernel

opensuse

  • opensuse

suse

  • linux_enterprise_real_time_extension
  • linux_enterprise_server
  • linux_enterprise_desktop
  • linux_enterprise_software_development_kit

debian

  • debian_linux

canonical

  • ubuntu_linux
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor