CVE-2010-1437 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7 HIGH	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 47%

Vendor	Product	Version
linux	linux_kernel	𝑥 < 2.6.34
linux	linux_kernel	2.6.34:rc1
linux	linux_kernel	2.6.34:rc2
linux	linux_kernel	2.6.34:rc3
linux	linux_kernel	2.6.34:rc4
linux	linux_kernel	2.6.34:rc5
opensuse	opensuse	11.1
debian	debian_linux	5.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

linux

lucid	Fixed 2.6.32-24.39 released
karmic	Fixed 2.6.31-22.61 released
jaunty	Fixed 2.6.28-19.62 released
intrepid	ignored
hardy	Fixed 2.6.24-28.73 released
dapper	dne

linux-source-2.6.15

lucid	dne
karmic	dne
jaunty	dne
intrepid	dne
hardy	dne
dapper	Fixed 2.6.15-55.86 released

Known Exploits!

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html

http://marc.info/?l=linux-kernel&m=127192182917857&w=2

http://marc.info/?l=linux-kernel&m=127274294622730&w=2

http://marc.info/?l=linux-kernel&m=127292492727029&w=2

http://secunia.com/advisories/39830

http://secunia.com/advisories/40218

http://secunia.com/advisories/40645

http://secunia.com/advisories/43315

http://www.debian.org/security/2010/dsa-2053

http://www.openwall.com/lists/oss-security/2010/04/27/2

http://www.openwall.com/lists/oss-security/2010/04/28/2

http://www.redhat.com/support/errata/RHSA-2010-0474.html

http://www.securityfocus.com/archive/1/516397/100/0/threaded

http://www.securityfocus.com/bid/39719

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

http://www.vupen.com/english/advisories/2010/1857

https://bugzilla.redhat.com/show_bug.cgi?id=585094

https://exchange.xforce.ibmcloud.com/vulnerabilities/58254

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9715

https://patchwork.kernel.org/patch/94038/

https://patchwork.kernel.org/patch/94664/

http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html

http://marc.info/?l=linux-kernel&m=127192182917857&w=2

http://marc.info/?l=linux-kernel&m=127274294622730&w=2

http://marc.info/?l=linux-kernel&m=127292492727029&w=2

http://secunia.com/advisories/39830

http://secunia.com/advisories/40218

http://secunia.com/advisories/40645

http://secunia.com/advisories/43315

http://www.debian.org/security/2010/dsa-2053

http://www.openwall.com/lists/oss-security/2010/04/27/2

http://www.openwall.com/lists/oss-security/2010/04/28/2

http://www.redhat.com/support/errata/RHSA-2010-0474.html

http://www.securityfocus.com/archive/1/516397/100/0/threaded

http://www.securityfocus.com/bid/39719

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

http://www.vupen.com/english/advisories/2010/1857

https://bugzilla.redhat.com/show_bug.cgi?id=585094

https://exchange.xforce.ibmcloud.com/vulnerabilities/58254

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9715

https://patchwork.kernel.org/patch/94038/

https://patchwork.kernel.org/patch/94664/