Vulnerability CVE-2010-2522


Published: 2010-07-13   Modified: 2012-02-13

Description:
The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Linux-ipv6 -> UMIP 

 References:
http://marc.info/?l=oss-security&m=127859390815405&w=2
http://www.securityfocus.com/bid/41524
http://www.openwall.com/lists/oss-security/2010/07/09/1
http://www.openwall.com/lists/oss-security/2010/07/07/4
http://www.openwall.com/lists/oss-security/2010/07/06/5
http://marc.info/?l=oss-security&m=127850299910685&w=2
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

Copyright 2024, cxsecurity.com

 

Back to Top