CVE-2010-4565: Infoleak
First published: Mon Dec 20 2010(Updated: )
Description of problem: In bcm_connect() (in net/can/bcm.c), there is the following code: sprintf(bo->procname, "%p", sock); The CAN protocol uses the address of a kernel heap object sock as a proc filename, revealing information that could be useful during exploitation. Reference: <a href="http://seclists.org/oss-sec/2010/q4/103">http://seclists.org/oss-sec/2010/q4/103</a> <a href="http://www.spinics.net/lists/netdev/msg145791.html">http://www.spinics.net/lists/netdev/msg145791.html</a> Acknowledgements: Red Hat would like to thank Dan Rosenberg for reporting this issue.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux-2.6 | ||
| debian/user-mode-linux | ||
| Linux kernel | <=2.6.36 | |
| Linux Kernel | <=2.6.36 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://openwall.com/lists/oss-security/2010/12/20/2
- http://www.spinics.net/lists/netdev/msg146468.html
- http://www.spinics.net/lists/netdev/msg146270.html
- http://www.spinics.net/lists/netdev/msg145791.html
- http://openwall.com/lists/oss-security/2010/11/04/4
- http://openwall.com/lists/oss-security/2010/11/03/3
- http://www.securityfocus.com/bid/44661
- http://openwall.com/lists/oss-security/2010/12/21/1
- http://www.spinics.net/lists/netdev/msg145796.html
- https://bugzilla.redhat.com/show_bug.cgi?id=664544
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:029
- http://seclists.org/oss-sec/2010/q4/103
- https://rhn.redhat.com/errata/RHSA-2011-0330.html
- http://www.spinics.net/lists/netdev/msg151020.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=664544#c4
- http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=9f260e0efa4766e56d0ac14f1aeea6ee5eb8fe83
- https://rhn.redhat.com/errata/RHSA-2011-0498.html
- https://launchpad.net/bugs/cve/CVE-2010-4565
- https://security-tracker.debian.org/tracker/CVE-2010-4565
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4565
- https://nvd.nist.gov/vuln/detail/CVE-2010-4565
- https://ubuntu.com/security/CVE-2010-4565
Frequently Asked Questions
What is the severity of CVE-2010-4565?
The severity of CVE-2010-4565 is considered medium due to information disclosure risks.
How do I fix CVE-2010-4565?
You can fix CVE-2010-4565 by upgrading to a version of the Linux kernel that is higher than 2.6.36.
What does CVE-2010-4565 exploit?
CVE-2010-4565 exploits the CAN protocol vulnerability that reveals kernel heap object addresses.
Which versions of the Linux kernel are affected by CVE-2010-4565?
CVE-2010-4565 affects the Linux kernel versions up to and including 2.6.36.
Is user-mode-linux vulnerable to CVE-2010-4565?
Yes, user-mode-linux is also vulnerable to CVE-2010-4565.
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-4565
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/softwarecombine
- agent/description
- agent/event
- agent/last-modified-date
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.36