CVE-2010-4073: Infoleak
First published: Mon Nov 01 2010(Updated: )
Description of problem: The compat ipc functions allow unprivileged users to read uninitialized stack memory, because some of the structures used and declared on the stack are not altered or zeroed before being copied back to the user. Reference: <a href="http://www.openwall.com/lists/oss-security/2010/10/07/1">http://www.openwall.com/lists/oss-security/2010/10/07/1</a> <a href="http://lkml.org/lkml/2010/10/6/492">http://lkml.org/lkml/2010/10/6/492</a> Acknowledgements: Red Hat would like to thank Dan Rosenberg for reporting this issue.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux-2.6 | ||
| Linux Linux kernel | <2.6.37 | |
| openSUSE openSUSE | =11.3 | |
| SUSE Linux Enterprise Desktop | =10-sp3 | |
| SUSE Linux Enterprise Desktop | =11-sp1 | |
| Suse Linux Enterprise Real Time Extension | =11-sp1 | |
| SUSE Linux Enterprise Server | =9 | |
| SUSE Linux Enterprise Server | =10-sp3 | |
| SUSE Linux Enterprise Server | =11-sp1 | |
| SUSE Linux Enterprise Software Development Kit | =10-sp3 | |
| Debian Debian Linux | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2010/10/07/1
- http://lkml.org/lkml/2010/10/6/492
- http://git.kernel.org/linus/03145beb455cf5c20a761e8451e30b8a74ba58d9
- https://rhn.redhat.com/errata/RHSA-2010-0958.html
- https://rhn.redhat.com/errata/RHSA-2011-0007.html
- https://rhn.redhat.com/errata/RHSA-2011-0017.html
- https://rhn.redhat.com/errata/RHSA-2011-0162.html
- https://bugzilla.redhat.com/show_bug.cgi?id=648658
- https://security-tracker.debian.org/tracker/CVE-2010-4073
- http://www.openwall.com/lists/oss-security/2010/10/25/3
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=03145beb455cf5c20a761e8451e30b8a74ba58d9
- http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc1
- http://www.securityfocus.com/bid/45073
- http://www.debian.org/security/2010/dsa-2126
- http://www.redhat.com/support/errata/RHSA-2010-0958.html
- http://www.redhat.com/support/errata/RHSA-2011-0162.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html
- http://secunia.com/advisories/42778
- http://secunia.com/advisories/42932
- http://secunia.com/advisories/42963
- http://www.vupen.com/english/advisories/2011/0012
- http://www.vupen.com/english/advisories/2011/0124
- http://www.vupen.com/english/advisories/2011/0168
- http://www.redhat.com/support/errata/RHSA-2011-0007.html
- http://www.redhat.com/support/errata/RHSA-2011-0017.html
- http://secunia.com/advisories/42884
- http://secunia.com/advisories/42890
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html
- http://secunia.com/advisories/43291
- http://www.vupen.com/english/advisories/2011/0298
- http://www.vupen.com/english/advisories/2011/0375
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:029
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
- http://securityreason.com/securityalert/8366
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
- http://secunia.com/advisories/46397
- http://www.securityfocus.com/archive/1/520102/100/0/threaded
- https://launchpad.net/bugs/cve/CVE-2010-4073
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=03145beb455cf5c20a761e8451e30b8a74ba58d9
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4073
- https://nvd.nist.gov/vuln/detail/CVE-2010-4073
- https://ubuntu.com/security/CVE-2010-4073
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-4073
- agent/first-publish-date
- agent/type
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/author
- agent/weakness
- agent/severity
- collector/launchpad-cve
- source/Launchpad
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/softwarecombine
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- agent/last-modified-date
- agent/trending
- agent/tags
- agent/source
- package-manager/debian
- vendor/linux
- canonical/linux linux kernel
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/11.3
- vendor/suse
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/10-sp3
- version/suse linux enterprise desktop/11-sp1
- canonical/suse linux enterprise real time extension
- version/suse linux enterprise real time extension/11-sp1
- canonical/suse linux enterprise server
- version/suse linux enterprise server/9
- version/suse linux enterprise server/10-sp3
- version/suse linux enterprise server/11-sp1
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/10-sp3
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/5.0