CVE-2010-4526

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.

References

http://www.openwall.com/lists/oss-security/2011/01/04/13

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=50b5d6ad63821cea324a5a7a19854d4de1a0a819

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4526

http://www.openwall.com/lists/oss-security/2011/01/04/3

http://www.redhat.com/support/errata/RHSA-2011-0163.html

http://www.securityfocus.com/bid/45661

http://secunia.com/advisories/42964

http://www.vupen.com/english/advisories/2011/0169

http://secunia.com/advisories/46397

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/64616

http://www.securityfocus.com/archive/1/520102/100/0/threaded

Details

Source: MITRE

Published: 2011-01-11

Updated: 2020-08-25

Type: CWE-362

Risk Information

CVSS v2

Base Score: 7.1

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

View all (20 total)

IDNameProductFamilySeverity
89680VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0012) (remote check)NessusMisc.
high
76634RHEL 6 : MRG (RHSA-2011:1253)NessusRed Hat Local Security Checks
high
68247Oracle Linux 6 : kernel (ELSA-2011-0421)NessusOracle Linux Local Security Checks
high
68183Oracle Linux 5 : kernel (ELSA-2011-0163)NessusOracle Linux Local Security Checks
high
65103Ubuntu 10.04 LTS / 10.10 : linux-mvl-dove vulnerabilities (USN-1093-1)NessusUbuntu Local Security Checks
high
61012Scientific Linux Security Update : kernel on SL6.x i386/x86_64NessusScientific Linux Local Security Checks
high
60939Scientific Linux Security Update : kernel on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
high
59155SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7384)NessusSuSE Local Security Checks
high
56508VMSA-2011-0012 : VMware ESXi and ESX updates to third-party libraries and ESX Service ConsoleNessusVMware ESX Local Security Checks
high
56192USN-1204-1 : linux-fsl-imx51 vulnerabilitiesNessusUbuntu Local Security Checks
high
55607Ubuntu 8.04 LTS : linux vulnerabilities (USN-1170-1)NessusUbuntu Local Security Checks
high
53414CentOS 5 : kernel (CESA-2011:0163)NessusCentOS Local Security Checks
high
53328RHEL 6 : kernel (RHSA-2011:0421)NessusRed Hat Local Security Checks
high
52971SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7381)NessusSuSE Local Security Checks
high
52597SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 4039 / 4042 / 4043)NessusSuSE Local Security Checks
high
52528Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1080-2)NessusUbuntu Local Security Checks
high
52499Ubuntu 10.04 LTS : linux vulnerabilities (USN-1080-1)NessusUbuntu Local Security Checks
high
51818Debian DSA-2153-1 : linux-2.6 - privilege escalation/denial of service/information leakNessusDebian Local Security Checks
high
51570RHEL 5 : kernel (RHSA-2011:0163)NessusRed Hat Local Security Checks
high
801504CentOS RHSA-2011-0163 Security CheckLog Correlation EngineGeneric
high