CVE-2010-4073: Infoleak
First published: Mon Nov 01 2010(Updated: )
Description of problem: The compat ipc functions allow unprivileged users to read uninitialized stack memory, because some of the structures used and declared on the stack are not altered or zeroed before being copied back to the user. Reference: <a href="http://www.openwall.com/lists/oss-security/2010/10/07/1">http://www.openwall.com/lists/oss-security/2010/10/07/1</a> <a href="http://lkml.org/lkml/2010/10/6/492">http://lkml.org/lkml/2010/10/6/492</a> Acknowledgements: Red Hat would like to thank Dan Rosenberg for reporting this issue.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux-2.6 | ||
| Linux Kernel | <2.6.37 | |
| openSUSE | =11.3 | |
| SUSE Linux Enterprise Desktop with Beagle | =10-sp3 | |
| SUSE Linux Enterprise Desktop with Beagle | =11-sp1 | |
| SUSE Linux Enterprise Real Time Extension | =11-sp1 | |
| SUSE Linux Enterprise Server | =9 | |
| SUSE Linux Enterprise Server | =10-sp3 | |
| SUSE Linux Enterprise Server | =11-sp1 | |
| SUSE Linux Enterprise Software Development Kit | =10-sp3 | |
| Debian GNU/Linux | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2010/10/07/1
- http://lkml.org/lkml/2010/10/6/492
- http://git.kernel.org/linus/03145beb455cf5c20a761e8451e30b8a74ba58d9
- https://rhn.redhat.com/errata/RHSA-2010-0958.html
- https://rhn.redhat.com/errata/RHSA-2011-0007.html
- https://rhn.redhat.com/errata/RHSA-2011-0017.html
- https://rhn.redhat.com/errata/RHSA-2011-0162.html
- https://bugzilla.redhat.com/show_bug.cgi?id=648658
- https://security-tracker.debian.org/tracker/CVE-2010-4073
- http://www.openwall.com/lists/oss-security/2010/10/25/3
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=03145beb455cf5c20a761e8451e30b8a74ba58d9
- http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc1
- http://www.securityfocus.com/bid/45073
- http://www.debian.org/security/2010/dsa-2126
- http://www.redhat.com/support/errata/RHSA-2010-0958.html
- http://www.redhat.com/support/errata/RHSA-2011-0162.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html
- http://secunia.com/advisories/42778
- http://secunia.com/advisories/42932
- http://secunia.com/advisories/42963
- http://www.vupen.com/english/advisories/2011/0012
- http://www.vupen.com/english/advisories/2011/0124
- http://www.vupen.com/english/advisories/2011/0168
- http://www.redhat.com/support/errata/RHSA-2011-0007.html
- http://www.redhat.com/support/errata/RHSA-2011-0017.html
- http://secunia.com/advisories/42884
- http://secunia.com/advisories/42890
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html
- http://secunia.com/advisories/43291
- http://www.vupen.com/english/advisories/2011/0298
- http://www.vupen.com/english/advisories/2011/0375
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:029
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
- http://securityreason.com/securityalert/8366
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
- http://secunia.com/advisories/46397
- http://www.securityfocus.com/archive/1/520102/100/0/threaded
- https://launchpad.net/bugs/cve/CVE-2010-4073
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=03145beb455cf5c20a761e8451e30b8a74ba58d9
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4073
- https://nvd.nist.gov/vuln/detail/CVE-2010-4073
- https://ubuntu.com/security/CVE-2010-4073
Frequently Asked Questions
What is the severity of CVE-2010-4073?
The severity of CVE-2010-4073 is considered medium due to the potential for unprivileged users to read uninitialized stack memory.
How do I fix CVE-2010-4073?
To fix CVE-2010-4073, update to a kernel version later than 2.6.37 which addresses the vulnerability.
What types of systems are affected by CVE-2010-4073?
CVE-2010-4073 affects various distributions that use the Linux kernel versions prior to 2.6.37.
What is the nature of the flaw in CVE-2010-4073?
The flaw in CVE-2010-4073 allows unprivileged users to access uninitialized stack memory due to inadequate cleanup of stack structures.
Is CVE-2010-4073 a remote exploit vulnerability?
No, CVE-2010-4073 requires local access to exploit the vulnerability because it involves reading stack memory.
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-4073
- agent/first-publish-date
- agent/type
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/author
- agent/weakness
- agent/severity
- collector/launchpad-cve
- source/Launchpad
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/description
- agent/event
- agent/last-modified-date
- agent/trending
- agent/source
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- collector/nvd-historical
- collector/nvd-index
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- vendor/opensuse
- canonical/opensuse
- version/opensuse/11.3
- vendor/suse
- canonical/suse linux enterprise desktop with beagle
- version/suse linux enterprise desktop with beagle/10-sp3
- version/suse linux enterprise desktop with beagle/11-sp1
- canonical/suse linux enterprise real time extension
- version/suse linux enterprise real time extension/11-sp1
- canonical/suse linux enterprise server
- version/suse linux enterprise server/9
- version/suse linux enterprise server/10-sp3
- version/suse linux enterprise server/11-sp1
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/10-sp3
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/5.0