[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2010-3081

Date: (C)2010-09-24   (M)2017-11-18 


The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.

CVSS Score: 7.2Access Vector: LOCAL
Exploit Score: 3.9Access Complexity: LOW
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0273.html
http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0278.html
http://www.securityfocus.com/archive/1/514938/30/30/threaded
http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded
SECUNIA-42384
SECUNIA-43315
ADV-2010-3083
ADV-2010-3117
ADV-2011-0298
IAVM:2010-B-0085
IAVM:2011-A-0066
MDVSA-2010:198
MDVSA-2010:214
MDVSA-2010:247
RHSA-2010:0758
RHSA-2010:0842
RHSA-2010:0882
SUSE-SA:2010:050
SUSE-SA:2011:007
SUSE-SR:2010:017
http://marc.info/?l=oss-security&m=128461522230211&w=2
http://blog.ksplice.com/2010/09/cve-2010-3081/
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c41d68a513c71e35a14f66d71782d27a79a81ea6
http://isc.sans.edu/diary.html?storyid=9574
http://sota.gen.nz/compat1/
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.36-rc4-git2.log
http://www.vmware.com/security/advisories/VMSA-2010-0017.html
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
https://access.redhat.com/kb/docs/DOC-40265
https://bugzilla.redhat.com/show_bug.cgi?id=634457

CPE    425
cpe:/o:linux:linux_kernel:2.6.33:rc7
cpe:/o:linux:linux_kernel:2.6.33:rc4
cpe:/o:linux:linux_kernel:2.6.33:rc3
cpe:/o:linux:linux_kernel:2.6.33:rc6
...
CWE    1
CWE-119
OVAL    29
oval:org.secpod.oval:def:400046
oval:org.secpod.oval:def:500469
oval:org.secpod.oval:def:201854
oval:org.secpod.oval:def:201785
...

© 2013 SecPod Technologies