7.8

CVE-2010-3081

Exploit
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 2.6.35.4
LinuxLinux Kernel Version2.6.36 Update-
LinuxLinux Kernel Version2.6.36 Updaterc1
LinuxLinux Kernel Version2.6.36 Updaterc2
LinuxLinux Kernel Version2.6.36 Updaterc3
VMwareEsx Version4.0
VMwareEsx Version4.1
SuseSuse Linux Enterprise Desktop Version11 Updatesp1
SuseSuse Linux Enterprise Server Version11 Updatesp1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.53% 0.878
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/archive/1/516397/100/0/threaded
Third Party Advisory
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0882.html
Broken Link
http://secunia.com/advisories/43315
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
Third Party Advisory
Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2010:247
Broken Link
http://www.vupen.com/english/advisories/2010/3117
Broken Link
http://www.vupen.com/english/advisories/2011/0298
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html
Third Party Advisory
Mailing List
http://www.redhat.com/support/errata/RHSA-2010-0842.html
Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0758.html
Broken Link
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.36-rc4-git2.log
Broken Link
http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0273.html
Broken Link
http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0278.html
Broken Link
http://blog.ksplice.com/2010/09/cve-2010-3081/
Broken Link
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c41d68a513c71e35a14f66d71782d27a79a81ea6
http://isc.sans.edu/diary.html?storyid=9574
Patch
Third Party Advisory
http://marc.info/?l=oss-security&m=128461522230211&w=2
Patch
Third Party Advisory
Mailing List
http://secunia.com/advisories/42384
Broken Link
http://sota.gen.nz/compat1/
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:214
Broken Link
http://www.securityfocus.com/archive/1/514938/30/30/threaded
Third Party Advisory
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2010-0017.html
Third Party Advisory
http://www.vupen.com/english/advisories/2010/3083
Broken Link
https://access.redhat.com/kb/docs/DOC-40265
Patch
Third Party Advisory
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=634457
Patch
Third Party Advisory
Issue Tracking