Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2010-4655
CVE information
Published
Last Modified
CVSSv2.0 Severity
CVSSv3.1 Severity
Impact Analysis
Description
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call..
CVSSv2.0 Score
- Severity
- Low
- Base Score
- 2.1/10
- Exploit Score
- 3.9/10
- Access Vector
- Local
- Access Complexity
- Low
- Authentication Required
- None
- Impact Score
- 2.9/10
- Confidentiality Impact
- Partial
- Availability Impact
- None
- Integrity Impact
- None
CVSSv3.1 Score
- Severity
- Medium
- Base Score
- 5.5/10
- Exploit Score
- 1.8/10
- Access Vector
- Local
- Access Complexity
- Low
- Privileges Required
- Low
- Impact Score
- 3.6/10
- Confidentiality Impact
- High
- Availability Impact
- None
- Integrity Impact
- None
- Scope
- Unchanged
- User Interaction
- None
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
Yes
|
- | 2.6.36 | |
cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* |
Yes
|
- | - |
References
- http://openwall.com/lists/oss-security/2011/01/24/9
- https://lkml.org/lkml/2010/10/7/297
- http://openwall.com/lists/oss-security/2011/01/25/4
- http://openwall.com/lists/oss-security/2011/01/25/3
- http://openwall.com/lists/oss-security/2011/01/25/5
- http://www.securityfocus.com/bid/45972
- https://bugzilla.redhat.com/show_bug.cgi?id=672428
- http://openwall.com/lists/oss-security/2011/01/28/1
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36
- http://secunia.com/advisories/46397
- http://www.vmware.com/security/advisories/VMSA-2011-0012.html
- http://www.ubuntu.com/usn/USN-1146-1
- http://www.securityfocus.com/archive/1/520102/100/0/threaded
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b00916b1