CVE-2010-2492

HIGH

Description

Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a6f80fb7b5986fda663d94079d3bba0937a6b6ff

http://secunia.com/advisories/42890

http://secunia.com/advisories/46397

http://support.avaya.com/css/P8/documents/100113326

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35

http://www.mandriva.com/security/advisories?name=MDVSA-2010:172

http://www.mandriva.com/security/advisories?name=MDVSA-2010:198

http://www.redhat.com/support/errata/RHSA-2010-0723.html

http://www.redhat.com/support/errata/RHSA-2011-0007.html

http://www.securityfocus.com/archive/1/520102/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

https://bugzilla.redhat.com/show_bug.cgi?id=611385

Details

Source: MITRE

Published: 2010-09-08

Updated: 2020-08-13

Type: CWE-120

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Tenable Plugins

View all (13 total)

ID	Name	Product	Family	Severity
89680	VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0012) (remote check)	Nessus	Misc.	high
68177	Oracle Linux 6 : kernel (ELSA-2011-0007)	Nessus	Oracle Linux Local Security Checks	high
68106	Oracle Linux 5 : kernel (ELSA-2010-0723)	Nessus	Oracle Linux Local Security Checks	high
67080	CentOS 5 : kernel (CESA-2010:0723)	Nessus	CentOS Local Security Checks	high
56508	VMSA-2011-0012 : VMware ESXi and ESX updates to third-party libraries and ESX Service Console	Nessus	VMware ESX Local Security Checks	high
51500	RHEL 6 : kernel (RHSA-2011:0007)	Nessus	Red Hat Local Security Checks	high
49795	Mandriva Linux Security Advisory : kernel (MDVSA-2010:198)	Nessus	Mandriva Local Security Checks	critical
49746	RHEL 5 : kernel (RHSA-2010:0723)	Nessus	Red Hat Local Security Checks	high
49671	openSUSE Security Update : kernel (openSUSE-SU-2010:0664-1)	Nessus	SuSE Local Security Checks	critical
49666	Mandriva Linux Security Advisory : kernel (MDVSA-2010:188)	Nessus	Mandriva Local Security Checks	critical
49276	Debian DSA-2110-1 : linux-2.6 - privilege escalation/denial of service/information leak	Nessus	Debian Local Security Checks	high
49190	Mandriva Linux Security Advisory : kernel (MDVSA-2010:172)	Nessus	Mandriva Local Security Checks	high
48253	Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : linux, linux-{source-2.6.15,ec2,mvl-dove,ti-omap} vulnerabilities (USN-966-1)	Nessus	Ubuntu Local Security Checks	high