CVE-2010-3859

kernel: tipc: heap overflow in tipc_msg_build()

Severity Score

6.9

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipc_msg_build function in net/tipc/msg.c and the verify_iovec function in net/core/iovec.c.

Múltiples errores de signo de entero en la implementación de TIPC en el kernel de Linux anteriores a v2.6.36.2 permite a usuarios locales conseguir privilegios a través de una llamada manipulada sendmsg que provoca un desbordamiento de búfer basado en memoria dinámica, relacionado con la función tipc_msg_build en net/tipc/msg.c y la función verify_iovec en net/core/iovec.c.

*Credits: N/A

CVSS Scores

NISTv2 6.9

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-10-08 CVE Reserved
2010-11-29 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (27)

URL	Tag	Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=253eacc070b114c2ec1f81b067d2fed7305467b0	X_refsource_confirm
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8acfe468b0384e834a303f08ebc4953d72fb690a	X_refsource_confirm
http://marc.info/?l=linux-netdev&m=128770476511716&w=2	Mailing List
http://secunia.com/advisories/42789	Third Party Advisory
http://secunia.com/advisories/42963	Third Party Advisory
http://secunia.com/advisories/46397	Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2	Broken Link
http://www.openwall.com/lists/oss-security/2010/10/22/2	Mailing List
http://www.openwall.com/lists/oss-security/2010/10/22/5	Mailing List
http://www.securityfocus.com/archive/1/520102/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/44354	Third Party Advisory
http://www.spinics.net/lists/netdev/msg145247.html	Mailing List
http://www.spinics.net/lists/netdev/msg145248.html	Mailing List
http://www.vmware.com/security/advisories/VMSA-2011-0012.html	Third Party Advisory
http://www.vupen.com/english/advisories/2011/0024	Third Party Advisory
http://www.vupen.com/english/advisories/2011/0168	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
http://www.spinics.net/lists/netdev/msg145262.html	2023-02-13
http://www.spinics.net/lists/netdev/msg145263.html	2023-02-13
http://www.spinics.net/lists/netdev/msg145264.html	2023-02-13
http://www.spinics.net/lists/netdev/msg145265.html	2023-02-13
http://www.spinics.net/lists/netdev/msg145352.html	2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=645867	2011-01-18

URL	Date	SRC
http://www.debian.org/security/2010/dsa-2126	2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2011:029	2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-0004.html	2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-0162.html	2023-02-13
https://access.redhat.com/security/cve/CVE-2010-3859	2011-01-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 2.6.36.2 Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.36.2"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				5.0 Search vendor "Debian" for product "Debian Linux" and version "5.0"		-		Affected