Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2010-2942 | First vendor Publication | 2010-09-21 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | |||
|---|---|---|---|
| Overall CVSS Score | 5.5 | ||
| Base Score | 5.5 | Environmental Score | 5.5 |
| impact SubScore | 3.6 | Temporal Score | 5.5 |
| Exploitabality Sub Score | 1.8 | ||
| Attack Vector | Local | Attack Complexity | Low |
| Privileges Required | Low | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | None | Availability Impact | None |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 2.1 | Attack Range | Local |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2942 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory Leak') |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:20228 | |||
| Oval ID: | oval:org.mitre.oval:def:20228 | ||
| Title: | VMware ESX third party updates for Service Console packages glibc and dhcp | ||
| Description: | The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-2942 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-03-16 | Name : VMSA-2011-0012.3 VMware ESXi and ESX updates to third party libraries and ESX... File : nvt/gb_VMSA-2011-0012.nasl |
| 2011-08-09 | Name : CentOS Update for kernel CESA-2010:0723 centos5 i386 File : nvt/gb_CESA-2010_0723_kernel_centos5_i386.nasl |
| 2011-03-07 | Name : Ubuntu Update for linux-lts-backport-maverick vulnerabilities USN-1083-1 File : nvt/gb_ubuntu_USN_1083_1.nasl |
| 2010-11-04 | Name : CentOS Update for kernel CESA-2010:0779 centos4 i386 File : nvt/gb_CESA-2010_0779_kernel_centos4_i386.nasl |
| 2010-10-22 | Name : RedHat Update for kernel RHSA-2010:0779-01 File : nvt/gb_RHSA-2010_0779-01_kernel.nasl |
| 2010-10-22 | Name : Ubuntu Update for Linux kernel vulnerabilities USN-1000-1 File : nvt/gb_ubuntu_USN_1000_1.nasl |
| 2010-10-01 | Name : RedHat Update for kernel RHSA-2010:0723-01 File : nvt/gb_RHSA-2010_0723-01_kernel.nasl |
| 2010-10-01 | Name : SuSE Update for kernel SUSE-SA:2010:046 File : nvt/gb_suse_2010_046.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 68173 | Linux Kernel net/sched/act_skbedit.c tcf_skbedit_dump Function Network Queuei... |
| 68172 | Linux Kernel net/sched/act_simple.c tcf_simp_dump Function Network Queueing A... |
| 68171 | Linux Kernel net/sched/act_nat.c tcf_nat_dump Function Network Queueing Actio... |
| 68170 | Linux Kernel net/sched/act_mirred.c tcf_mirred_dump Function Network Queueing... |
| 68169 | Linux Kernel net/sched/act_gact.c tcf_gact_dump Function Network Queueing Act... |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2011-10-27 | IAVM : 2011-A-0147 - Multiple Vulnerabilities in VMware ESX and ESXi Severity : Category I - VMSKEY : V0030545 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0012_remote.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_kernel-100915.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_0_build_515841_remote.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0723.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0779.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-2008.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-2009.nasl - Type : ACT_GATHER_INFO |
| 2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0723.nasl - Type : ACT_GATHER_INFO |
| 2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1083-1.nasl - Type : ACT_GATHER_INFO |
| 2013-03-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1093-1.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101019_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7261.nasl - Type : ACT_GATHER_INFO |
| 2011-10-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0012.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-101020.nasl - Type : ACT_GATHER_INFO |
| 2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-100903.nasl - Type : ACT_GATHER_INFO |
| 2010-12-14 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7257.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-101020.nasl - Type : ACT_GATHER_INFO |
| 2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0779.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1000-1.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0779.nasl - Type : ACT_GATHER_INFO |
| 2010-10-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0723.nasl - Type : ACT_GATHER_INFO |
| 2010-09-24 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_kernel-100921.nasl - Type : ACT_GATHER_INFO |
| 2010-09-23 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12646.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:07:32 |
|
| 2024-11-28 12:22:35 |
|
| 2024-08-02 12:14:10 |
|
| 2024-08-02 01:03:50 |
|
| 2024-02-02 01:13:45 |
|
| 2024-02-01 12:03:45 |
|
| 2023-09-05 12:12:49 |
|
| 2023-09-05 01:03:37 |
|
| 2023-09-02 12:12:52 |
|
| 2023-09-02 01:03:39 |
|
| 2023-08-12 12:15:18 |
|
| 2023-08-12 01:03:39 |
|
| 2023-08-11 12:12:55 |
|
| 2023-08-11 01:03:47 |
|
| 2023-08-06 12:12:25 |
|
| 2023-08-06 01:03:41 |
|
| 2023-08-04 12:12:31 |
|
| 2023-08-04 01:03:42 |
|
| 2023-07-14 12:12:27 |
|
| 2023-07-14 01:03:40 |
|
| 2023-03-29 01:14:15 |
|
| 2023-03-28 12:03:46 |
|
| 2023-02-13 09:29:07 |
|
| 2023-02-02 21:28:51 |
|
| 2022-10-11 12:11:06 |
|
| 2022-10-11 01:03:27 |
|
| 2022-03-11 01:09:16 |
|
| 2021-05-04 12:12:13 |
|
| 2021-04-22 01:12:49 |
|
| 2020-08-11 21:23:01 |
|
| 2020-08-11 12:05:17 |
|
| 2020-08-08 01:05:20 |
|
| 2020-08-07 12:05:25 |
|
| 2020-08-07 01:05:26 |
|
| 2020-08-01 12:05:23 |
|
| 2020-07-30 01:05:33 |
|
| 2020-05-23 01:42:27 |
|
| 2020-05-23 00:26:14 |
|
| 2019-01-25 12:03:15 |
|
| 2018-11-17 12:01:46 |
|
| 2018-10-30 12:03:29 |
|
| 2018-10-11 00:19:54 |
|
| 2016-07-01 11:06:55 |
|
| 2016-06-29 00:14:16 |
|
| 2016-06-28 18:17:09 |
|
| 2016-04-26 20:00:18 |
|
| 2016-03-05 13:26:42 |
|
| 2014-11-27 13:27:45 |
|
| 2014-06-14 13:29:04 |
|
| 2014-02-17 10:56:47 |
|
| 2013-11-11 12:38:52 |
|
| 2013-05-10 23:30:05 |
|
