Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:20141
HistorySep 30, 2010 - 12:00 a.m.

Linux kernel 2.6.x PKT_CTRL_CMD_STATUS无效指针引用拒绝服务漏洞

2010-09-3000:00:00
Root
www.seebug.org
9

0.0004 Low

EPSS

Percentile

0.4%

JSON

BUGTRAQ ID: 43551
CVE ID: CVE-2010-3437

Linux Kernel是开放源码操作系统Linux所使用的内核。

Linux Kernel的PKT_CTRL_CMD_STATUS设备ioctl从全局pkt_devs数组接收指向pktcdvd_device的指针。到这个数组的索引是由用户提供的有符整形,因此如果提供了负数索引就会导致边界检查失败。

本地攻击者可以利用这个漏洞读取任意内核内存,或由于无效的指针引用而导致崩溃。如果要利用这个漏洞,用户必须拥有打开/dev/pktcdvd/control的权限。

Linux kernel 2.6.x
厂商补丁:

Linux

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=252a52aa4fa22a668f019e55b3aac3ff71ec1c29

Related

seebug 2
prion 1
ubuntucve 1
veracode 1
cve 1
exploitpack 1
exploitdb 1
nessus 15
openvas 19
oraclelinux 2
redhat 1
kitploit 1
suse 5
ubuntu 6
debian 1
securityvulns 2
osv 1
seebug
seebug
Linux Kernel < 2.6.36-rc6 pktcdvd Kernel Memory Disclosure
2010-09-30 00:00:00
Linux Kernel < 2.6.36-rc6 pktcdvd Kernel Memory Disclosure
2014-07-01 00:00:00
prion
prion
Integer overflow
2010-10-04 21:00:00
ubuntucve
ubuntucve
CVE-2010-3437
2010-10-04 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:50:10
cve
cve
CVE-2010-3437
2010-10-04 21:00:00
exploitpack
exploitpack
Linux Kernel 2.6.36-rc6 (RedHat Ubuntu 10.04) - pktcdvd Kernel Memory Disclosure
2010-09-29 00:00:00
exploitdb
exploitdb
Linux Kernel &lt; 2.6.36-rc6 (RedHat / Ubuntu 10.04) - &#039;pktcdvd&#039; Kernel Memory Disclosure
2010-09-29 00:00:00
nessus
nessus
Oracle Linux 5 : Unbreakable Enterprise kernel (ELSA-2010-2011)
2013-07-12 00:00:00
Scientific Linux Security Update : kernel on SL6.x i386/x86_64
2012-08-01 00:00:00
RHEL 6 : kernel (RHSA-2010:0842)
2010-11-18 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2010-2011)
2015-10-06 00:00:00
SuSE Update for kernel SUSE-SA:2011:002
2011-01-11 00:00:00
SuSE Update for kernel SUSE-SA:2011:002
2011-01-11 00:00:00
oraclelinux
oraclelinux
Unbreakable enterprise kernel security and bug fix update
2010-12-09 00:00:00
kernel security and bug fix update
2011-02-12 00:00:00
redhat
redhat
(RHSA-2010:0842) Important: kernel security and bug fix update
2010-11-10 00:00:00
kitploit
kitploit
[Linux Exploit Suggester] Grab the Linux Operating Systems release version, and return a suggestive list of possible exploits
2013-08-29 00:48:00
suse
suse
remote denial of service in kernel
2010-12-14 13:42:46
local privilege escalation in kernel
2011-01-14 16:35:40
potential local privilege escalation in kernel
2011-01-03 15:33:25
ubuntu
ubuntu
Linux kernel vulnerabilities
2010-10-19 00:00:00
Linux kernel (OMAP4) vulnerabilities
2011-04-20 00:00:00
Linux kernel vulnerabilities
2011-02-28 00:00:00
debian
debian
[SECURITY] [DSA 2126-1] New Linux 2.6.26 packages fix several issues
2010-11-27 04:49:43
securityvulns
securityvulns
[SECURITY] [DSA 2126-1] New Linux 2.6.26 packages fix several issues
2010-12-01 00:00:00
Linux kernel multiple security vulnerabilities
2010-12-09 00:00:00
osv
osv
linux-2.6 - several issues
2010-11-26 00:00:00

0.0004 Low

EPSS

Percentile

0.4%

JSON
Related for SSV:20141
seebug2prion1ubuntucve1veracode1cve1exploitpack1exploitdb1nessus15openvas19oraclelinux2redhat1kitploit1suse5ubuntu6debian1securityvulns2osv1