Executive Summary

Information
Name : CVE-2010-4074
First vendor Publication : 2010-11-29
Vendor : Cve
Last vendor Modification : 2012-03-19

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score : 1.9
Attack Range : Local
Cvss Impact Score : 2.9
Attack Complexity : Medium
Cvss Exploit Score : 3.4
Authentication : None Required

Detail

The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4074

CWE : Common Weakness Enumeration

% | id | Name
100 % | CWE-200 | Information Exposure

CPE : Common Platform Enumeration

Type | Description | Count
Os | | 1340

OpenVAS Exploits

Date | Description
2012-06-05 | Name : RedHat Update for kernel RHSA-2011:0007-01
  File : nvt/gb_RHSA-2011_0007-01_kernel.nasl
2011-02-28 | Name : Ubuntu Update for linux vulnerabilities USN-1072-1
  File : nvt/gb_ubuntu_USN_1072_1.nasl
2011-02-28 | Name : Ubuntu Update for linux, linux-ec2 vulnerabilities USN-1073-1
  File : nvt/gb_ubuntu_USN_1073_1.nasl
2011-01-24 | Name : Debian Security Advisory DSA 2126-1 (linux-2.6)
  File : nvt/deb_2126_1.nasl

Open Source Vulnerability Database (OSVDB)

id | Description
69529 | Linux Kernel USB Subsystem drivers/usb/serial/mos7840.c mos7840_ioctl Functio...
69528 | Linux Kernel USB Subsystem drivers/usb/serial/mos7720.c mos7720_ioctl Functio...

Nessus® Vulnerability Scanner

Date | Description
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates.
  File : oraclelinux_ELSA-2011-0007.nasl - Type : ACT_GATHER_INFO
2011-03-01 | Name : The remote Ubuntu host is missing one or more security-related patches.
  File : ubuntu_USN-1072-1.nasl - Type : ACT_GATHER_INFO
2011-03-01 | Name : The remote Ubuntu host is missing one or more security-related patches.
  File : ubuntu_USN-1073-1.nasl - Type : ACT_GATHER_INFO
2011-01-12 | Name : The remote Red Hat host is missing one or more security updates.
  File : redhat-RHSA-2011-0007.nasl - Type : ACT_GATHER_INFO
2010-11-29 | Name : The remote Debian host is missing a security-related update.
  File : debian_DSA-2126.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source | Url
BID | http://www.securityfocus.com/bid/45074
CONFIRM | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a...
  http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc5
  https://bugzilla.redhat.com/show_bug.cgi?id=648659
DEBIAN | http://www.debian.org/security/2010/dsa-2126
MLIST | http://lkml.org/lkml/2010/9/15/392
  http://www.openwall.com/lists/oss-security/2010/09/25/2
  http://www.openwall.com/lists/oss-security/2010/10/06/6
  http://www.openwall.com/lists/oss-security/2010/10/07/1
  http://www.openwall.com/lists/oss-security/2010/10/25/3
REDHAT | http://www.redhat.com/support/errata/RHSA-2010-0958.html
  http://www.redhat.com/support/errata/RHSA-2011-0007.html

Alert History

Date | Information
2018-11-17 12:01:56 | Multiple Updates
2018-10-30 12:03:40 | Multiple Updates
2016-07-01 11:07:04 | Multiple Updates
2016-06-29 00:15:51 | Multiple Updates
2016-06-28 18:21:57 | Multiple Updates
2016-04-26 20:12:24 | Multiple Updates
2014-02-17 10:58:24 | Multiple Updates
2013-05-10 23:36:05 | Multiple Updates