Executive Summary

Informations
Name CVE-2010-1086 First vendor Publication 2010-04-06
Vendor Cve Last vendor Modification 2018-11-16

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1086

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10569
 
Oval ID: oval:org.mitre.oval:def:10569
Title: The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE.
Description: The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1086
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20512
 
Oval ID: oval:org.mitre.oval:def:20512
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1086
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21805
 
Oval ID: oval:org.mitre.oval:def:21805
Title: RHSA-2010:0398: kernel security and bug fix update (Important)
Description: The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE.
Family: unix Class: patch
Reference(s): RHSA-2010:0398-01
CESA-2010:0398
CVE-2010-0307
CVE-2010-0410
CVE-2010-0730
CVE-2010-1085
CVE-2010-1086
Version: 68
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22609
 
Oval ID: oval:org.mitre.oval:def:22609
Title: ELSA-2010:0398: kernel security and bug fix update (Important)
Description: The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE.
Family: unix Class: patch
Reference(s): ELSA-2010:0398-01
CVE-2010-0307
CVE-2010-0410
CVE-2010-0730
CVE-2010-1085
CVE-2010-1086
Version: 25
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28222
 
Oval ID: oval:org.mitre.oval:def:28222
Title: DEPRECATED: ELSA-2010-0398 -- kernel security and bug fix update (important)
Description: [2.6.18-194.3.1.0.1.el5] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - Add entropy support to igb (John Sobecki) [orabug 7607479] - [nfs] convert ENETUNREACH to ENOTCONN [orabug 7689332] - [NET] Add xen pv/bonding netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [nfsd] fix failure of file creation from hpux client (Wen gang Wang) [orabug 7579314] - [nfs] -revert return code check to avoid EIO (Chuck Lever, Guru Anbalagane) [Orabug 9448515] - [qla] fix qla not to query hccr (Guru Anbalagane) [Orabug 8746702] - [net] bonding: fix xen+bonding+netconsole panic issue (Joe Jin) [orabug 9504524] - [mm] Set hugepages dirty bit so vm.drop_caches does not corrupt (John Sobecki) [orabug 9461825] - [rds] Patch rds to 1.4.2-14 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() [2.6.18-194.3.1.el5] - [net] bnx2: fix lost MSI-X problem on 5709 NICs (John Feeney) [587799 511368]
Family: unix Class: patch
Reference(s): ELSA-2010-0398
CVE-2010-0307
CVE-2010-0410
CVE-2010-0730
CVE-2010-1085
CVE-2010-1086
Version: 4
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1
Os 1270

OpenVAS Exploits

Date Description
2012-03-16 Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2010:0398 centos5 i386
File : nvt/gb_CESA-2010_0398_kernel_centos5_i386.nasl
2010-06-07 Name : Ubuntu Update for Linux kernel vulnerabilities USN-947-1
File : nvt/gb_ubuntu_USN_947_1.nasl
2010-06-07 Name : Ubuntu Update for linux regression USN-947-2
File : nvt/gb_ubuntu_USN_947_2.nasl
2010-06-03 Name : Debian Security Advisory DSA 2053-1 (linux-2.6)
File : nvt/deb_2053_1.nasl
2010-05-07 Name : RedHat Update for kernel RHSA-2010:0394-01
File : nvt/gb_RHSA-2010_0394-01_kernel.nasl
2010-05-07 Name : RedHat Update for kernel RHSA-2010:0398-01
File : nvt/gb_RHSA-2010_0398-01_kernel.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
63632 Linux Kernel dvb-core drivers/media/dvb/dvb-core/dvb_net.c ULE Decapsulation ...

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-05-12 IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0027158

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO
2014-11-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0476.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0394.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0398.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100506_kernel_on_SL_5_0.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100505_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-7015.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO
2010-06-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-947-1.nasl - Type : ACT_GATHER_INFO
2010-06-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-947-2.nasl - Type : ACT_GATHER_INFO
2010-06-01 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0398.nasl - Type : ACT_GATHER_INFO
2010-05-26 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2053.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0398.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0394.nasl - Type : ACT_GATHER_INFO
2010-05-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0394.nasl - Type : ACT_GATHER_INFO
2010-05-07 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-7011.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/38479
BUGTRAQ http://www.securityfocus.com/archive/1/516397/100/0/threaded
CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff...
http://support.avaya.com/css/P8/documents/100088287
http://support.avaya.com/css/P8/documents/100090459
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
https://bugzilla.redhat.com/show_bug.cgi?id=569237
DEBIAN http://www.debian.org/security/2010/dsa-2053
MLIST http://www.openwall.com/lists/oss-security/2010/03/01/1
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://www.redhat.com/support/errata/RHSA-2010-0394.html
http://www.redhat.com/support/errata/RHSA-2010-0398.html
SECUNIA http://secunia.com/advisories/39649
http://secunia.com/advisories/39742
http://secunia.com/advisories/39830
http://secunia.com/advisories/43315
SUSE http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html
http://www.novell.com/linux/security/advisories/2010_23_kernel.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Date Informations
2020-08-11 12:04:59
  • Multiple Updates
2020-08-08 01:05:01
  • Multiple Updates
2020-08-07 12:05:05
  • Multiple Updates
2020-08-01 12:05:03
  • Multiple Updates
2020-07-30 01:05:12
  • Multiple Updates
2020-05-23 01:41:50
  • Multiple Updates
2020-05-23 00:25:29
  • Multiple Updates
2019-01-25 12:03:06
  • Multiple Updates
2018-11-16 21:19:35
  • Multiple Updates
2018-10-30 12:03:19
  • Multiple Updates
2018-10-11 00:19:49
  • Multiple Updates
2017-09-19 09:23:42
  • Multiple Updates
2016-07-01 11:06:46
  • Multiple Updates
2016-06-29 00:11:43
  • Multiple Updates
2016-06-28 18:05:52
  • Multiple Updates
2016-04-26 19:40:54
  • Multiple Updates
2016-03-05 13:26:42
  • Multiple Updates
2014-11-27 13:27:42
  • Multiple Updates
2014-11-18 13:25:38
  • Multiple Updates
2014-02-17 10:54:22
  • Multiple Updates
2013-11-11 12:38:42
  • Multiple Updates
2013-05-10 23:21:05
  • Multiple Updates