Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2010-2955

Disclosure Date: September 08, 2010
CVE-2010-2955
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2010-2955 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2955)
BID-42885 (http://www.securityfocus.com/bid/42885)
Advisory
USN-1000-1 (http://www.ubuntu.com/usn/USN-1000-1)
http://www.redhat.com/support/errata/RHSA-2010-0771.html
http://git.kernel.org?p=linux/kernel/git/linville/wireless-2.6.git;a=commit;h=42da2f948d949efd0111309f5827bf0298bcc9a4
[linux-kernel] 20100830 Re: [PATCH] wireless: fix 64K kernel heap content leak via ioctl (http://lkml.org/lkml/2010/8/30/127)
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
[linux-kernel] 20100830 Re: [PATCH] wireless extensions: fix kernel heap content leak (http://lkml.org/lkml/2010/8/30/351)
http://www.redhat.com/support/errata/RHSA-2010-0842.html
[oss-security] 20100831 CVE-2010-2955 kernel: wireless: fix 64K kernel heap content leak via ioctl (http://www.openwall.com/lists/oss-security/2010/08/31/1)
ADV-2011-0298 (http://www.vupen.com/english/advisories/2011/0298)
[linux-kernel] 20100827 [PATCH] wireless: fix 64K kernel heap content leak via ioctl (http://lkml.org/lkml/2010/8/27/413)
https://bugzilla.redhat.com/show_bug.cgi?id=628434
SECUNIA-41245 (http://secunia.com/advisories/41245)
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc3-next-20100831.bz2
[linux-kernel] 20100830 [PATCH] wireless extensions: fix kernel heap content leak (http://lkml.org/lkml/2010/8/30/146)
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
Miscellaneous
http://grsecurity.net/~spender/wireless-infoleak-fix2.patch
http://forums.grsecurity.net/viewtopic.php?f=3&t=2290
http://git.kernel.org/?p=linux/kernel/git/linville/wireless-2.6.git%3Ba=commit%3Bh=42da2f948d949efd0111309f5827bf0298bcc9a4

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis