This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

INFORMATION

Name : CVE-2010-0561 First Publication : 2010-02-08
Severity : High Last Modification : 2010-02-09

SCORING CVSS v2

Cvss Base Score : 7.8 Attack Range : Network
Cvss Impact Score : 6.9 Attack Complexity : Low
Cvss Expoit Score : 10 Authentification : None Required

Calculate full CVSS 2.0 Vectors scores

DETAIL

Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before 2010-01-21 allows local users to cause a denial of service (kernel panic) via a negative mixer index number being passed to (1) the azalia_query_devinfo function in the azalia audio driver (src/sys/dev/pci/azalia.c) or (2) the hdaudio_afg_query_devinfo function in the hdaudio audio driver (src/sys/dev/pci/hdaudio/hdaudio_afg.c).



CWE COMMON WEAKNESS ENUMERATION

CWE-189 - Numeric Errors (CWE/SANS Top 25)

CPE COMMON PLATFORM ENUMERATION


OPEN SOURCE VULNERABILTY DATABASE (OSVDB)

62082 : NetBSD src/sys/dev/pci/hdaudio/hdaudio_afg.c hdaudio_afg_query_devinfo() Function Local DoS.
62081 : NetBSD src/sys/dev/pci/azalia.c azalia_query_devinfo() Function Local DoS.


SECONDARY(S) SOURCE(S)


Source : BID
Url : http://www.securityfocus.com/bid/38057

Source : NETBSD
Url : http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-003.txt.asc

Source : OSVDB
Url : http://osvdb.org/62081
Url : http://osvdb.org/62082

Source : SECTRACK
Url : http://www.securitytracker.com/id?1023539

Source : SECUNIA
Url : http://secunia.com/advisories/38284