Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.9
CVSSv2

CVE-2010-4249

Published: 29/11/2010 Updated: 13/02/2023
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
VMScore: 495
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Linux

Vulnerability Summary

The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel prior to 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel 2.6.37

linux linux kernel

fedoraproject fedora 13

Vendor Advisories

Ubuntu Security Notice: linux-lts-backport-maverick vulnerabilities
Multiple kernel flaws ...
Ubuntu Security Notice: linux-mvl-dove vulnerabilities
An attacker could send crafted input to the kernel and cause it to crash ...
Ubuntu Security Notice: linux-ti-omap4 vulnerabilities
Multiple security flaws have been fixed in the OMAP4 port of the Linux kernel ...
Ubuntu Security Notice: linux-source-2.6.15 vulnerabilities
Multiple flaws fixed in the Linux kernel ...
Ubuntu Security Notice: linux, linux-ec2 vulnerabilities
Multiple kernel vulnerablilities ...
Ubuntu Security Notice: linux-fsl-imx51 vulnerabilities
Multiple kernel flaws ...
Ubuntu Security Notice: linux-fsl-imx51 vulnerabilities
Multiple kernel flaws ...
Ubuntu Security Notice: linux, linux-ec2 vulnerabilities
Multiple kernel flaws ...
Ubuntu Security Notice: linux vulnerabilities
Multiple kernel flaws have been fixed ...

Exploits

Exploit DB: Linux Kernel 2.6.37 - Unix Sockets Local Denial of Service
/* Simple kernel attack using socketpair easy, 100% reproductiblle, works under guest no way to protect :( Simple kernel attack using socketpair easy, 100% reproductiblle, works under guest no way to protect :( See source attached Process become in state 'Running' but not killalble via kill -KILL eat 100% CPU, eat all available internal ...

References

CWE-400http://www.openwall.com/lists/oss-security/2010/11/24/2http://www.openwall.com/lists/oss-security/2010/11/24/10http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.37-rc3-next-20101125.bz2http://marc.info/?l=linux-netdev&m=129059035929046&w=2http://www.securityfocus.com/bid/45037http://lkml.org/lkml/2010/11/23/450http://lkml.org/lkml/2010/11/25/8http://www.exploit-db.com/exploits/15622/https://bugzilla.redhat.com/show_bug.cgi?id=656756http://lkml.org/lkml/2010/11/23/395http://secunia.com/advisories/42354http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.htmlhttp://www.vupen.com/english/advisories/2010/3321http://secunia.com/advisories/42745http://www.redhat.com/support/errata/RHSA-2011-0162.htmlhttp://secunia.com/advisories/42963http://www.vupen.com/english/advisories/2011/0168http://secunia.com/advisories/42890http://www.redhat.com/support/errata/RHSA-2011-0007.htmlhttp://secunia.com/advisories/46397http://www.vmware.com/security/advisories/VMSA-2011-0012.htmlhttp://www.securityfocus.com/archive/1/520102/100/0/threadedhttp://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=9915672d41273f5b77f1b3c29b391ffb7732b84bhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/15622/https://usn.ubuntu.com/1083-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-1183hard-codedCVE-2024-28254CVE-2023-43790buffer overflowbypassCVE-2024-32633CVE-2024-1874CVE-2024-23558
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook