CVE-2010-2942
First published: Wed Aug 18 2010(Updated: )
Description of problem: We leak at least 32bits of kernel memory to user land in tc dump, because we dont init all fields (capab ?) of the dumped structure. Use C99 initializers so that holes and non explicit fields are zeroed. <a href="http://patchwork.ozlabs.org/patch/61857/">http://patchwork.ozlabs.org/patch/61857/</a>
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux-2.6 | ||
| Linux Linux kernel | =2.6.36-rc1 | |
| Linux Linux kernel | <=2.6.35.13 | |
| Linux Linux kernel | =2.6.36 | |
| Canonical Ubuntu Linux | =10.10 | |
| Canonical Ubuntu Linux | =9.04 | |
| Canonical Ubuntu Linux | =9.10 | |
| Canonical Ubuntu Linux | =10.04 | |
| Canonical Ubuntu Linux | =8.04 | |
| Canonical Ubuntu Linux | =6.06 | |
| openSUSE openSUSE | =11.1 | |
| openSUSE openSUSE | =11.3 | |
| SUSE SUSE Linux Enterprise Server | =11-sp1 | |
| SUSE SUSE Linux Enterprise Desktop | =11-sp1 | |
| SUSE SUSE Linux Enterprise Server | =11 | |
| SUSE SUSE Linux Enterprise Server | =10-sp3 | |
| SUSE SUSE Linux Enterprise Desktop | =10-sp3 | |
| SUSE SUSE Linux Enterprise Desktop | =11 | |
| Avaya Aura System Manager | =6.0 | |
| Avaya Aura System Manager | =5.2 | |
| Avaya Aura Communication Manager | =5.2 | |
| Avaya Voice Portal | =5.1 | |
| Avaya Voice Portal | =5.1-sp1 | |
| Avaya Voice Portal | =5.0 | |
| Avaya Aura System Platform | =1.1 | |
| Avaya Aura System Platform | =6.0 | |
| Avaya Aura System Platform | =6.0-sp1 | |
| Avaya Aura System Manager | =6.1 | |
| Avaya Aura System Manager | =6.1.1 | |
| Avaya Aura Session Manager | =1.1 | |
| Avaya Aura Session Manager | =5.2 | |
| Avaya Aura Session Manager | =6.0 | |
| Avaya Aura Presence Services | =6.1 | |
| Avaya Aura Presence Services | =6.1.1 | |
| Avaya Aura Presence Services | =6.0 | |
| Avaya Iq | =5.1 | |
| Avaya Iq | =5.0 | |
| VMware ESX | =4.1 | |
| VMware ESX | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/archive/1/520102/100/0/threaded
- http://secunia.com/advisories/41512
- http://www.securityfocus.com/bid/42529
- http://secunia.com/advisories/46397
- http://www.vupen.com/english/advisories/2010/2430
- http://www.vupen.com/english/advisories/2011/0298
- https://bugzilla.redhat.com/show_bug.cgi?id=624903
- http://www.redhat.com/support/errata/RHSA-2010-0723.html
- http://www.redhat.com/support/errata/RHSA-2010-0771.html
- http://www.redhat.com/support/errata/RHSA-2010-0779.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
- http://www.ubuntu.com/usn/USN-1000-1
- http://www.openwall.com/lists/oss-security/2010/08/18/1
- http://www.openwall.com/lists/oss-security/2010/08/19/4
- http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8
- http://patchwork.ozlabs.org/patch/61857/
- http://support.avaya.com/css/P8/documents/100113326
- http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
- https://launchpad.net/bugs/cve/CVE-2010-2942
- http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=1c40be12f7d8ca1d387510d39787b12e512a7ce8
- https://rhn.redhat.com/errata/RHSA-2010-0723.html
- https://rhn.redhat.com/errata/RHSA-2010-0771.html
- https://rhn.redhat.com/errata/RHSA-2010-0779.html
- https://security-tracker.debian.org/tracker/CVE-2010-2942
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2942
- https://nvd.nist.gov/vuln/detail/CVE-2010-2942
- https://ubuntu.com/security/CVE-2010-2942
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-2942
- agent/author
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/references
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- package-manager/debian
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/2.6.36-rc1
- version/linux linux kernel/2.6.35.13
- version/linux linux kernel/2.6.36
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/10.10
- version/canonical ubuntu linux/9.04
- version/canonical ubuntu linux/9.10
- version/canonical ubuntu linux/10.04
- version/canonical ubuntu linux/8.04
- version/canonical ubuntu linux/6.06
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/11.1
- version/opensuse opensuse/11.3
- vendor/suse
- canonical/suse suse linux enterprise server
- version/suse suse linux enterprise server/11-sp1
- canonical/suse suse linux enterprise desktop
- version/suse suse linux enterprise desktop/11-sp1
- version/suse suse linux enterprise server/11
- version/suse suse linux enterprise server/10-sp3
- version/suse suse linux enterprise desktop/10-sp3
- version/suse suse linux enterprise desktop/11
- vendor/avaya
- canonical/avaya aura system manager
- version/avaya aura system manager/6.0
- version/avaya aura system manager/5.2
- canonical/avaya aura communication manager
- version/avaya aura communication manager/5.2
- canonical/avaya voice portal
- version/avaya voice portal/5.1
- version/avaya voice portal/5.1-sp1
- version/avaya voice portal/5.0
- canonical/avaya aura system platform
- version/avaya aura system platform/1.1
- version/avaya aura system platform/6.0
- version/avaya aura system platform/6.0-sp1
- version/avaya aura system manager/6.1
- version/avaya aura system manager/6.1.1
- canonical/avaya aura session manager
- version/avaya aura session manager/1.1
- version/avaya aura session manager/5.2
- version/avaya aura session manager/6.0
- canonical/avaya aura presence services
- version/avaya aura presence services/6.1
- version/avaya aura presence services/6.1.1
- version/avaya aura presence services/6.0
- canonical/avaya iq
- version/avaya iq/5.1
- version/avaya iq/5.0
- vendor/vmware
- canonical/vmware esx
- version/vmware esx/4.1
- version/vmware esx/4.0