CVE-2010-2492

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a6f80fb7b5986fda663d94079d3bba0937a6b6ff

http://secunia.com/advisories/42890

http://secunia.com/advisories/46397

http://support.avaya.com/css/P8/documents/100113326

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35

http://www.mandriva.com/security/advisories?name=MDVSA-2010:172

http://www.mandriva.com/security/advisories?name=MDVSA-2010:198

http://www.redhat.com/support/errata/RHSA-2010-0723.html

http://www.redhat.com/support/errata/RHSA-2011-0007.html

http://www.securityfocus.com/archive/1/520102/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

https://bugzilla.redhat.com/show_bug.cgi?id=611385

Details

Source: MITRE

Published: 2010-09-08

Updated: 2020-08-13

Type: CWE-120

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*

cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:avaya:aura_communication_manager:5.2:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_presence_services:6.0:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_presence_services:6.1:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_presence_services:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_session_manager:1.1:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_session_manager:5.2:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_session_manager:6.0:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_system_manager:5.2:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_system_manager:6.0:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_system_manager:6.1:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_system_manager:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_system_platform:1.1:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_system_platform:6.0:-:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_system_platform:6.0:sp1:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_voice_portal:5.0:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_voice_portal:5.1:-:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_voice_portal:5.1:sp1:*:*:*:*:*:*

cpe:2.3:a:avaya:iq:5.0:*:*:*:*:*:*:*

cpe:2.3:a:avaya:iq:5.1:*:*:*:*:*:*:*

Tenable Plugins

View all (13 total)

IDNameProductFamilySeverity
89680VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0012) (remote check)NessusMisc.
high
68177Oracle Linux 6 : kernel (ELSA-2011-0007)NessusOracle Linux Local Security Checks
high
68106Oracle Linux 5 : kernel (ELSA-2010-0723)NessusOracle Linux Local Security Checks
high
67080CentOS 5 : kernel (CESA-2010:0723)NessusCentOS Local Security Checks
high
56508VMSA-2011-0012 : VMware ESXi and ESX updates to third-party libraries and ESX Service ConsoleNessusVMware ESX Local Security Checks
high
51500RHEL 6 : kernel (RHSA-2011:0007)NessusRed Hat Local Security Checks
high
49795Mandriva Linux Security Advisory : kernel (MDVSA-2010:198)NessusMandriva Local Security Checks
critical
49746RHEL 5 : kernel (RHSA-2010:0723)NessusRed Hat Local Security Checks
high
49671openSUSE Security Update : kernel (openSUSE-SU-2010:0664-1)NessusSuSE Local Security Checks
critical
49666Mandriva Linux Security Advisory : kernel (MDVSA-2010:188)NessusMandriva Local Security Checks
critical
49276Debian DSA-2110-1 : linux-2.6 - privilege escalation/denial of service/information leakNessusDebian Local Security Checks
high
49190Mandriva Linux Security Advisory : kernel (MDVSA-2010:172)NessusMandriva Local Security Checks
high
48253Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : linux, linux-{source-2.6.15,ec2,mvl-dove,ti-omap} vulnerabilities (USN-966-1)NessusUbuntu Local Security Checks
high