CVE-2010-2492 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 11%

Vendor	Product	Version
linux	linux_kernel	𝑥 < 2.6.35
vmware	esx	4.0
vmware	esx	4.1
avaya	aura_communication_manager	5.2
avaya	aura_presence_services	6.0
avaya	aura_presence_services	6.1
avaya	aura_presence_services	6.1.1
avaya	aura_session_manager	1.1
avaya	aura_session_manager	5.2
avaya	aura_session_manager	6.0
avaya	aura_system_manager	5.2
avaya	aura_system_manager	6.0
avaya	aura_system_manager	6.1
avaya	aura_system_manager	6.1.1
avaya	aura_system_platform	1.1
avaya	aura_system_platform	6.0
avaya	aura_system_platform	6.0:sp1
avaya	aura_voice_portal	5.0
avaya	aura_voice_portal	5.1
avaya	aura_voice_portal	5.1:sp1
avaya	iq	5.0
avaya	iq	5.1

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

linux

lucid	Fixed 2.6.32-24.39 released
karmic	Fixed 2.6.31-22.61 released
jaunty	Fixed 2.6.28-19.62 released
hardy	Fixed 2.6.24-28.73 released
dapper	dne

linux-source-2.6.15

lucid	dne
karmic	dne
jaunty	dne
hardy	dne
dapper	not-affected

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a6f80fb7b5986fda663d94079d3bba0937a6b6ff

http://secunia.com/advisories/42890

http://secunia.com/advisories/46397

http://support.avaya.com/css/P8/documents/100113326

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35

http://www.mandriva.com/security/advisories?name=MDVSA-2010:172

http://www.mandriva.com/security/advisories?name=MDVSA-2010:198

http://www.redhat.com/support/errata/RHSA-2010-0723.html

http://www.redhat.com/support/errata/RHSA-2011-0007.html

http://www.securityfocus.com/archive/1/520102/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

https://bugzilla.redhat.com/show_bug.cgi?id=611385

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a6f80fb7b5986fda663d94079d3bba0937a6b6ff

http://secunia.com/advisories/42890

http://secunia.com/advisories/46397

http://support.avaya.com/css/P8/documents/100113326

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35

http://www.mandriva.com/security/advisories?name=MDVSA-2010:172

http://www.mandriva.com/security/advisories?name=MDVSA-2010:198

http://www.redhat.com/support/errata/RHSA-2010-0723.html

http://www.redhat.com/support/errata/RHSA-2011-0007.html

http://www.securityfocus.com/archive/1/520102/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

https://bugzilla.redhat.com/show_bug.cgi?id=611385