CVE-2010-2942
First published: Wed Aug 18 2010(Updated: )
Description of problem: We leak at least 32bits of kernel memory to user land in tc dump, because we dont init all fields (capab ?) of the dumped structure. Use C99 initializers so that holes and non explicit fields are zeroed. <a href="http://patchwork.ozlabs.org/patch/61857/">http://patchwork.ozlabs.org/patch/61857/</a>
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux-2.6 | ||
| Linux Kernel | <=2.6.35.13 | |
| Linux Kernel | =2.6.36 | |
| Linux Kernel | =2.6.36-rc1 | |
| Ubuntu Linux | =6.06 | |
| Ubuntu Linux | =8.04 | |
| Ubuntu Linux | =9.04 | |
| Ubuntu Linux | =9.10 | |
| Ubuntu Linux | =10.04 | |
| Ubuntu Linux | =10.10 | |
| openSUSE | =11.1 | |
| openSUSE | =11.3 | |
| SUSE Linux Enterprise Desktop | =10-sp3 | |
| SUSE Linux Enterprise Desktop | =11 | |
| SUSE Linux Enterprise Desktop | =11-sp1 | |
| SUSE Linux Enterprise Server | =10-sp3 | |
| SUSE Linux Enterprise Server | =11 | |
| SUSE Linux Enterprise Server | =11-sp1 | |
| Avaya Aura Communication Manager | =5.2 | |
| Avaya Aura Presence Services | =6.0 | |
| Avaya Aura Presence Services | =6.1 | |
| Avaya Aura Presence Services | =6.1.1 | |
| Avaya Aura Session Manager | =1.1 | |
| Avaya Aura Session Manager | =5.2 | |
| Avaya Aura Session Manager | =6.0 | |
| Avaya Aura System Manager | =5.2 | |
| Avaya Aura System Manager | =6.0 | |
| Avaya Aura System Manager | =6.1 | |
| Avaya Aura System Manager | =6.1.1 | |
| Avaya Aura System Platform | =1.1 | |
| Avaya Aura System Platform | =6.0 | |
| Avaya Aura System Platform | =6.0-sp1 | |
| Avaya IQ | =5.0 | |
| Avaya IQ | =5.1 | |
| Avaya Voice Portal | =5.0 | |
| Avaya Voice Portal | =5.1 | |
| Avaya Voice Portal | =5.1-sp1 | |
| VMware ESX | =4.0 | |
| VMware ESX | =4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/archive/1/520102/100/0/threaded
- http://secunia.com/advisories/41512
- http://www.securityfocus.com/bid/42529
- http://secunia.com/advisories/46397
- http://www.vupen.com/english/advisories/2010/2430
- http://www.vupen.com/english/advisories/2011/0298
- https://bugzilla.redhat.com/show_bug.cgi?id=624903
- http://www.redhat.com/support/errata/RHSA-2010-0723.html
- http://www.redhat.com/support/errata/RHSA-2010-0771.html
- http://www.redhat.com/support/errata/RHSA-2010-0779.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
- http://www.ubuntu.com/usn/USN-1000-1
- http://www.openwall.com/lists/oss-security/2010/08/18/1
- http://www.openwall.com/lists/oss-security/2010/08/19/4
- http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8
- http://patchwork.ozlabs.org/patch/61857/
- http://support.avaya.com/css/P8/documents/100113326
- http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
- https://launchpad.net/bugs/cve/CVE-2010-2942
- http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=1c40be12f7d8ca1d387510d39787b12e512a7ce8
- https://rhn.redhat.com/errata/RHSA-2010-0723.html
- https://rhn.redhat.com/errata/RHSA-2010-0771.html
- https://rhn.redhat.com/errata/RHSA-2010-0779.html
- https://security-tracker.debian.org/tracker/CVE-2010-2942
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2942
- https://nvd.nist.gov/vuln/detail/CVE-2010-2942
- https://ubuntu.com/security/CVE-2010-2942
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-2942
- agent/author
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/references
- agent/description
- agent/event
- agent/last-modified-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.35.13
- version/linux kernel/2.6.36
- version/linux kernel/2.6.36-rc1
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/6.06
- version/ubuntu linux/8.04
- version/ubuntu linux/9.04
- version/ubuntu linux/9.10
- version/ubuntu linux/10.04
- version/ubuntu linux/10.10
- vendor/opensuse
- canonical/opensuse
- version/opensuse/11.1
- version/opensuse/11.3
- vendor/suse
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/10-sp3
- version/suse linux enterprise desktop/11
- version/suse linux enterprise desktop/11-sp1
- canonical/suse linux enterprise server
- version/suse linux enterprise server/10-sp3
- version/suse linux enterprise server/11
- version/suse linux enterprise server/11-sp1
- vendor/avaya
- canonical/avaya aura communication manager
- version/avaya aura communication manager/5.2
- canonical/avaya aura presence services
- version/avaya aura presence services/6.0
- version/avaya aura presence services/6.1
- version/avaya aura presence services/6.1.1
- canonical/avaya aura session manager
- version/avaya aura session manager/1.1
- version/avaya aura session manager/5.2
- version/avaya aura session manager/6.0
- canonical/avaya aura system manager
- version/avaya aura system manager/5.2
- version/avaya aura system manager/6.0
- version/avaya aura system manager/6.1
- version/avaya aura system manager/6.1.1
- canonical/avaya aura system platform
- version/avaya aura system platform/1.1
- version/avaya aura system platform/6.0
- version/avaya aura system platform/6.0-sp1
- canonical/avaya iq
- version/avaya iq/5.0
- version/avaya iq/5.1
- canonical/avaya voice portal
- version/avaya voice portal/5.0
- version/avaya voice portal/5.1
- version/avaya voice portal/5.1-sp1
- vendor/vmware
- canonical/vmware esx
- version/vmware esx/4.0
- version/vmware esx/4.1