{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-08-17T00:00:00", "descriptions": [{"lang": "en", "value": "The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624903"}, {"name": "RHSA-2010:0723", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"}, {"name": "USN-1000-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1000-1"}, {"name": "SUSE-SA:2010:041", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html"}, {"name": "RHSA-2010:0771", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0771.html"}, {"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"name": "46397", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46397"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2"}, {"name": "SUSE-SA:2010:040", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"}, {"name": "ADV-2010-2430", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2430"}, {"name": "SUSE-SA:2011:007", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"}, {"name": "SUSE-SA:2010:060", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"}, {"name": "ADV-2011-0298", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0298"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://patchwork.ozlabs.org/patch/61857/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/css/P8/documents/100113326"}, {"name": "[oss-security] 20100818 CVE request - kernel: net sched memleak", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/08/18/1"}, {"name": "42529", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/42529"}, {"name": "[oss-security] 20100819 Re: CVE request - kernel: net sched memleak", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/08/19/4"}, {"name": "SUSE-SA:2010:054", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html"}, {"name": "41512", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41512"}, {"name": "RHSA-2010:0779", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0779.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:55:45.364Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624903"}, {"name": "RHSA-2010:0723", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"}, {"name": "USN-1000-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1000-1"}, {"name": "SUSE-SA:2010:041", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html"}, {"name": "RHSA-2010:0771", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0771.html"}, {"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"name": "46397", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/46397"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2"}, {"name": "SUSE-SA:2010:040", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"}, {"name": "ADV-2010-2430", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2430"}, {"name": "SUSE-SA:2011:007", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"}, {"name": "SUSE-SA:2010:060", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"}, {"name": "ADV-2011-0298", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0298"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://patchwork.ozlabs.org/patch/61857/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/css/P8/documents/100113326"}, {"name": "[oss-security] 20100818 CVE request - kernel: net sched memleak", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/08/18/1"}, {"name": "42529", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/42529"}, {"name": "[oss-security] 20100819 Re: CVE request - kernel: net sched memleak", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/08/19/4"}, {"name": "SUSE-SA:2010:054", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html"}, {"name": "41512", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/41512"}, {"name": "RHSA-2010:0779", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0779.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2942", "datePublished": "2010-09-21T17:00:00", "dateReserved": "2010-08-04T00:00:00", "dateUpdated": "2024-08-07T02:55:45.364Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C162EC4-E7AD-47B4-B974-EF9F9468E80F", "versionEndIncluding": "2.6.35.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:-:*:*:*:*:*:*", "matchCriteriaId": "D4407EF9-4ECF-408F-9ECB-0705E3FB65D5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:rc1:*:*:*:*:*:*", "matchCriteriaId": "DBE26099-6D2C-4FAF-B15C-CBF985D59171", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*", "matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "F140C5CF-5141-4F8D-B667-522A698AC632", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:-:*:*:*:*:*:*", "matchCriteriaId": "17C0CB9A-F8FA-423D-9D0E-64DC6525CD4D", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "10A193CD-12B9-4236-8A2C-E8CEAE592952", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "A516C153-239B-4F41-88B4-8B8D4F92115C", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:-:*:*:*:*:*:*", "matchCriteriaId": "DE5FEEB4-95BC-47AF-A6EA-FEF4C2AF1A2C", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "F691F4E7-2FF1-4EFB-B21F-E510049A9940", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avaya:aura_communication_manager:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "B6567360-D041-4C5A-A9DF-39223E5FF895", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:aura_presence_services:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "47508B6A-134F-4795-A5D1-4256D38BCE57", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:aura_presence_services:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "876BFAD3-DF3C-419D-89AD-160BC15F2B09", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:aura_presence_services:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C308358C-A051-4E86-8621-EC7DEC866C1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:aura_session_manager:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C5F5625-1601-4EFC-B710-58B145F10708", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:aura_session_manager:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "CB6AB5D8-6E22-483E-A91E-0880FF9A2C97", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:aura_session_manager:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D17B8A88-2355-409B-BF79-8BE78BCBC66A", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:aura_system_manager:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "44D546F5-2751-41F0-9442-8F1EB904E294", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:aura_system_manager:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E7C82ABC-54B9-454C-A9F9-2DBFF1D62364", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:aura_system_manager:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA1A137E-0BA3-4E17-AC1F-AEB92C205B78", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:aura_system_manager:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7E6391-D86C-45AF-962C-7162FC8B706C", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:aura_system_platform:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "76E0FA7D-9F1B-4B1D-8B2D-85D2ED6DC00C", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:aura_system_platform:6.0:-:*:*:*:*:*:*", "matchCriteriaId": "A7F1DDA6-7664-41AA-8364-8BEF7834531E", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:aura_system_platform:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "DC1A931C-EEB1-4630-A1F5-C0B5166724A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:iq:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C850D33E-6E6A-4AAC-96B9-8510C902E38A", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:iq:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "75A6A088-DE78-406D-AC52-66159B8A9869", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:voice_portal:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5795B04-82E1-4289-BC45-02AEFA0C28F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:voice_portal:5.1:-:*:*:*:*:*:*", "matchCriteriaId": "9F2CA6D2-CED8-4A72-8D34-2A9310AA724D", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:voice_portal:5.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "5DAAEB2D-7C42-4610-B9DD-810788C979C0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "0B6BA46F-4E8C-4B2A-AE92-81B9F1B4D56C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c."}, {"lang": "es", "value": "La implementaci\u00f3n de acciones en la funcionalidad de encolado de red en el kernel Linx anterior a v2.6.36-rc2 no inicializa apropiadamente ciertos miembros de estructura cuando se realizan acciones de volcado, lo que permite a usuarios locales obtener informaci\u00f3n potencialmente sensible de la memoria del kernel a trav\u00e9s de vectores relacionados con (1) la funcion tcf_gact_dump en net/sched/act_gact.c, (2) la funcion tcf_mirred_dump en net/sched/act_mirred.c, (3) la funcion tcf_nat_dump en net/sched/act_nat.c, (4) la funcion tcf_simp_dump en net/sched/act_simple.c, y (5) la funcion tcf_skbedit_dump en net/sched/act_skbedit.c."}], "id": "CVE-2010-2942", "lastModified": "2024-11-21T01:17:42.160", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2010-09-21T18:00:02.127", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://patchwork.ozlabs.org/patch/61857/"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/41512"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/46397"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/css/P8/documents/100113326"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2010/08/18/1"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2010/08/19/4"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0771.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0779.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/42529"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1000-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2010/2430"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2011/0298"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624903"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://patchwork.ozlabs.org/patch/61857/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/41512"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/46397"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/css/P8/documents/100113326"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2010/08/18/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2010/08/19/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0771.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0779.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/42529"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1000-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2010/2430"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2011/0298"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624903"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2010:0771", "cpe": "cpe:/a:redhat:enterprise_mrg:1::el5", "package": "kernel-rt-0:2.6.33.7-rt29.45.el5rt", "product_name": "MRG for RHEL-5", "release_date": "2010-10-14T00:00:00Z"}, {"advisory": "RHSA-2010:0779", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "kernel-0:2.6.9-89.31.1.EL", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2010-10-19T00:00:00Z"}, {"advisory": "RHSA-2010:0723", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "kernel-0:2.6.18-194.17.1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2010-09-29T00:00:00Z"}], "bugzilla": {"description": "kernel: net sched: fix some kernel memory leaks", "id": "624903", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624903"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "status": "verified"}, "cwe": "CWE-401", "details": ["The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c."], "name": "CVE-2010-2942", "public_date": "2010-08-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-2942\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-2942"], "statement": "This issue did not affect the version of Linux kernel as shipped with Red Hat\nEnterprise Linux 3 as it did not include upstream commit be84c7f6 (history repository) that introduced the problem. A future kernel update in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG will address this issue.", "threat_severity": "Moderate"}