CVE-2010-4073

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2010-4073
The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c.

1.9 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=03145beb455cf5c20a761e8451e30b8a74ba58d9
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html Mailing List Third Party Advisory
http://lkml.org/lkml/2010/10/6/492 Mailing List Patch Third Party Advisory
http://secunia.com/advisories/42778 Third Party Advisory
http://secunia.com/advisories/42884 Third Party Advisory
http://secunia.com/advisories/42890 Third Party Advisory
http://secunia.com/advisories/42932 Third Party Advisory
http://secunia.com/advisories/42963 Third Party Advisory
http://secunia.com/advisories/43291 Third Party Advisory
http://secunia.com/advisories/46397 Third Party Advisory
http://securityreason.com/securityalert/8366 Exploit Third Party Advisory
http://www.debian.org/security/2010/dsa-2126 Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc1 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:029 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/10/07/1 Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/10/25/3 Mailing List Patch Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0958.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0007.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0017.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0162.html Third Party Advisory
http://www.securityfocus.com/archive/1/520102/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/45073 Third Party Advisory VDB Entry
http://www.vmware.com/security/advisories/VMSA-2011-0012.html Third Party Advisory
http://www.vupen.com/english/advisories/2011/0012 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0124 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0168 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0298 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0375 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=648658 Issue Tracking Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
History

07 Nov 2023, 02:06

Type Values Removed Values Added
References
  • {'url': 'http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=03145beb455cf5c20a761e8451e30b8a74ba58d9', 'name': 'http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=03145beb455cf5c20a761e8451e30b8a74ba58d9', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'CONFIRM'}
  • () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=03145beb455cf5c20a761e8451e30b8a74ba58d9 -
Information

Published : 2010-11-29 16:00

Updated : 2024-02-28 11:41

NVD link : CVE-2010-4073

Mitre link : CVE-2010-4073

CVE.ORG link : CVE-2010-4073

JSON object : View

Products Affected

linux

  • linux_kernel

opensuse

  • opensuse

suse

  • linux_enterprise_real_time_extension
  • linux_enterprise_server
  • linux_enterprise_desktop
  • linux_enterprise_software_development_kit

debian

  • debian_linux
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024