CVE-2010-2492 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2010-2492?

CVE-2010-2492 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-2492?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Vmware Esx, Avaya Aura Communication Manager, Avaya Aura Presence Services, Avaya Aura Session Manager.

Vulnerability Description

Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 2.6.35
Vmware	Esx	4.0
Avaya	Aura Communication Manager	5.2
Avaya	Aura Presence Services	6.0
Avaya	Aura Session Manager	1.1
Avaya	Aura System Manager	5.2
Avaya	Aura System Platform	1.1
Avaya	Aura Voice Portal	5.0
Avaya	Iq	5.0

Related Weaknesses (CWE)

CWE-120

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://secunia.com/advisories/42890Broken Link
http://secunia.com/advisories/46397Broken Link
http://support.avaya.com/css/P8/documents/100113326Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:172Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0723.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2011-0007.htmlBroken Link
http://www.securityfocus.com/archive/1/520102/100/0/threadedThird Party AdvisoryVDB Entry
http://www.vmware.com/security/advisories/VMSA-2011-0012.htmlPatchThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=611385Issue TrackingPatchThird Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://secunia.com/advisories/42890Broken Link
http://secunia.com/advisories/46397Broken Link

FAQ

What is CVE-2010-2492?

CVE-2010-2492 is a vulnerability with a CVSS score of 7.8 (HIGH). Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of se...

How severe is CVE-2010-2492?

CVE-2010-2492 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-2492?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Vmware Esx, Avaya Aura Communication Manager, Avaya Aura Presence Services, Avaya Aura Session Manager.