National Vulnerability Database (NVD) National Vulnerability Database (CVE-2010-2248)

National Cyber Awareness System

Vulnerability Summary for CVE-2010-2248

Original release date:09/07/2010

Last revised:03/19/2012

Source: US-CERT/NIST

Overview

fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel before 2.6.34-rc4 allows remote attackers to cause a denial of service (panic) via an SMB response packet with an invalid CountHigh value, as demonstrated by a response from an OS/2 server, related to the CIFSSMBWrite and CIFSSMBWrite2 functions.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:7.8 (HIGH) (AV:N/AC:L/Au:N/C:N/I:N/A:C) (legend)

Impact Subscore: 6.9

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Allows disruption of serviceUnknown

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: BID

Name: 42242

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/42242

External Source: REDHAT

Name: RHSA-2010:0606

Hyperlink:https://rhn.redhat.com/errata/RHSA-2010-0606.html

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=608583

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=608583

External Source: CONFIRM

Name: http://www.vmware.com/security/advisories/VMSA-2011-0003.html

Hyperlink:http://www.vmware.com/security/advisories/VMSA-2011-0003.html

External Source: UBUNTU

Name: USN-1000-1

Hyperlink:http://www.ubuntu.com/usn/USN-1000-1

External Source: BUGTRAQ

Name: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded

External Source: REDHAT

Name: RHSA-2010:0610

Hyperlink:http://www.redhat.com/support/errata/RHSA-2010-0610.html

External Source: MLIST

Name: [oss-security] 20100628 Re: CVE request - kernel: cifs: Fix a kernel BUG with remote OS/2 server

Hyperlink:http://www.openwall.com/lists/oss-security/2010/06/28/6

External Source: MLIST

Name: [oss-security] 20100628 CVE request - kernel: cifs: Fix a kernel BUG with remote OS/2 server

Hyperlink:http://www.openwall.com/lists/oss-security/2010/06/28/1

External Source: MANDRIVA

Name: MDVSA-2011:051

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2011:051

External Source: MANDRIVA

Name: MDVSA-2010:198

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2010:198

External Source: CONFIRM

Name: http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc4

Hyperlink:http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc4

External Source: DEBIAN

Name: DSA-2094

Hyperlink:http://www.debian.org/security/2010/dsa-2094

External Source: SECTRACK

Name: 1024285

Hyperlink:http://securitytracker.com/id?1024285

External Source: SECUNIA

Name: 43315

Hyperlink:http://secunia.com/advisories/43315

External Source: SUSE

Name: SUSE-SA:2010:060

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html

External Source: CONFIRM

Name: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6513a81e9325d712f1bfb9a1d7b750134e49ff18

Hyperlink:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6513a81e9325d712f1bfb9a1d7b750134e49ff18

Vulnerable software and versions

Configuration 1

* cpe:/o:linux:linux_kernel:2.6.32.4

* cpe:/o:linux:linux_kernel:2.6.32.3

* cpe:/o:linux:linux_kernel:2.6.32.2

* cpe:/o:linux:linux_kernel:2.6.32.1

* cpe:/o:linux:linux_kernel:2.6.32

* cpe:/o:linux:linux_kernel:2.6.0

* cpe:/o:linux:linux_kernel:2.6.1

* cpe:/o:linux:linux_kernel:2.6.10

* cpe:/o:linux:linux_kernel:2.6.11

* cpe:/o:linux:linux_kernel:2.6.11.1

* cpe:/o:linux:linux_kernel:2.6.11.10

* cpe:/o:linux:linux_kernel:2.6.11.11

* cpe:/o:linux:linux_kernel:2.6.11.12

* cpe:/o:linux:linux_kernel:2.6.11.2

* cpe:/o:linux:linux_kernel:2.6.11.3

* cpe:/o:linux:linux_kernel:2.6.11.4

* cpe:/o:linux:linux_kernel:2.6.11.5

* cpe:/o:linux:linux_kernel:2.6.11.6

* cpe:/o:linux:linux_kernel:2.6.11.7

* cpe:/o:linux:linux_kernel:2.6.11.8

* cpe:/o:linux:linux_kernel:2.6.11.9

* cpe:/o:linux:linux_kernel:2.6.12

* cpe:/o:linux:linux_kernel:2.6.12.1

* cpe:/o:linux:linux_kernel:2.6.12.2

* cpe:/o:linux:linux_kernel:2.6.12.3

* cpe:/o:linux:linux_kernel:2.6.12.4

* cpe:/o:linux:linux_kernel:2.6.12.5

* cpe:/o:linux:linux_kernel:2.6.12.6

* cpe:/o:linux:linux_kernel:2.6.13

* cpe:/o:linux:linux_kernel:2.6.13.1

* cpe:/o:linux:linux_kernel:2.6.13.2

* cpe:/o:linux:linux_kernel:2.6.13.3

* cpe:/o:linux:linux_kernel:2.6.13.4

* cpe:/o:linux:linux_kernel:2.6.13.5

* cpe:/o:linux:linux_kernel:2.6.14

* cpe:/o:linux:linux_kernel:2.6.14.1

* cpe:/o:linux:linux_kernel:2.6.14.3

* cpe:/o:linux:linux_kernel:2.6.14.4

* cpe:/o:linux:linux_kernel:2.6.14.5

* cpe:/o:linux:linux_kernel:2.6.14.6

* cpe:/o:linux:linux_kernel:2.6.14.7

* cpe:/o:linux:linux_kernel:2.6.15

* cpe:/o:linux:linux_kernel:2.6.15.1

* cpe:/o:linux:linux_kernel:2.6.15.2

* cpe:/o:linux:linux_kernel:2.6.15.3

* cpe:/o:linux:linux_kernel:2.6.15.4

* cpe:/o:linux:linux_kernel:2.6.15.5

* cpe:/o:linux:linux_kernel:2.6.15.6

* cpe:/o:linux:linux_kernel:2.6.15.7

* cpe:/o:linux:linux_kernel:2.6.16

* cpe:/o:linux:linux_kernel:2.6.16.1

* cpe:/o:linux:linux_kernel:2.6.16.10

* cpe:/o:linux:linux_kernel:2.6.16.11

* cpe:/o:linux:linux_kernel:2.6.16.12

* cpe:/o:linux:linux_kernel:2.6.16.13

* cpe:/o:linux:linux_kernel:2.6.16.14

* cpe:/o:linux:linux_kernel:2.6.16.15

* cpe:/o:linux:linux_kernel:2.6.16.16

* cpe:/o:linux:linux_kernel:2.6.16.17

* cpe:/o:linux:linux_kernel:2.6.16.18

* cpe:/o:linux:linux_kernel:2.6.16.19

* cpe:/o:linux:linux_kernel:2.6.16.2

* cpe:/o:linux:linux_kernel:2.6.16.20

* cpe:/o:linux:linux_kernel:2.6.16.21

* cpe:/o:linux:linux_kernel:2.6.16.22

* cpe:/o:linux:linux_kernel:2.6.16.23

* cpe:/o:linux:linux_kernel:2.6.16.24

* cpe:/o:linux:linux_kernel:2.6.16.25

* cpe:/o:linux:linux_kernel:2.6.16.26

* cpe:/o:linux:linux_kernel:2.6.16.27

* cpe:/o:linux:linux_kernel:2.6.16.28

* cpe:/o:linux:linux_kernel:2.6.16.29

* cpe:/o:linux:linux_kernel:2.6.16.3

* cpe:/o:linux:linux_kernel:2.6.16.30

* cpe:/o:linux:linux_kernel:2.6.16.31

* cpe:/o:linux:linux_kernel:2.6.16.4

* cpe:/o:linux:linux_kernel:2.6.16.5

* cpe:/o:linux:linux_kernel:2.6.16.6

* cpe:/o:linux:linux_kernel:2.6.16.7

* cpe:/o:linux:linux_kernel:2.6.16.8

* cpe:/o:linux:linux_kernel:2.6.16.9

* cpe:/o:linux:linux_kernel:2.6.17

* cpe:/o:linux:linux_kernel:2.6.17.1

* cpe:/o:linux:linux_kernel:2.6.17.10

* cpe:/o:linux:linux_kernel:2.6.17.11

* cpe:/o:linux:linux_kernel:2.6.17.12

* cpe:/o:linux:linux_kernel:2.6.17.13

* cpe:/o:linux:linux_kernel:2.6.17.14

* cpe:/o:linux:linux_kernel:2.6.17.2

* cpe:/o:linux:linux_kernel:2.6.17.3

* cpe:/o:linux:linux_kernel:2.6.17.4

* cpe:/o:linux:linux_kernel:2.6.17.5

* cpe:/o:linux:linux_kernel:2.6.17.6

* cpe:/o:linux:linux_kernel:2.6.17.7

* cpe:/o:linux:linux_kernel:2.6.17.8

* cpe:/o:linux:linux_kernel:2.6.17.9

* cpe:/o:linux:linux_kernel:2.6.18.1

* cpe:/o:linux:linux_kernel:2.6.18.2

* cpe:/o:linux:linux_kernel:2.6.18.3

* cpe:/o:linux:linux_kernel:2.6.18.4

* cpe:/o:linux:linux_kernel:2.6.18.5

* cpe:/o:linux:linux_kernel:2.6.18.6

* cpe:/o:linux:linux_kernel:2.6.18.7

* cpe:/o:linux:linux_kernel:2.6.18.8

* cpe:/o:linux:linux_kernel:2.6.2

* cpe:/o:linux:linux_kernel:2.6.22

* cpe:/o:linux:linux_kernel:2.6.22.2

* cpe:/o:linux:linux_kernel:2.6.22.3

* cpe:/o:linux:linux_kernel:2.6.22.4

* cpe:/o:linux:linux_kernel:2.6.22.5

* cpe:/o:linux:linux_kernel:2.6.22.6

* cpe:/o:linux:linux_kernel:2.6.22.7

* cpe:/o:linux:linux_kernel:2.6.23

* cpe:/o:linux:linux_kernel:2.6.23.1

* cpe:/o:linux:linux_kernel:2.6.23.2

* cpe:/o:linux:linux_kernel:2.6.23.3

* cpe:/o:linux:linux_kernel:2.6.23.4

* cpe:/o:linux:linux_kernel:2.6.23.5

* cpe:/o:linux:linux_kernel:2.6.23.6

* cpe:/o:linux:linux_kernel:2.6.23.7

* cpe:/o:linux:linux_kernel:2.6.23:rc2

* cpe:/o:linux:linux_kernel:2.6.23:rc1

* cpe:/o:linux:linux_kernel:2.6.24:rc1

* cpe:/o:linux:linux_kernel:2.6.24:rc2

* cpe:/o:linux:linux_kernel:2.6.24:rc3

* cpe:/o:linux:linux_kernel:2.6.24:rc4

* cpe:/o:linux:linux_kernel:2.6.24:rc5

* cpe:/o:linux:linux_kernel:2.6.3

* cpe:/o:linux:linux_kernel:2.6.4

* cpe:/o:linux:linux_kernel:2.6.5

* cpe:/o:linux:linux_kernel:2.6.6

* cpe:/o:linux:linux_kernel:2.6.7

* cpe:/o:linux:linux_kernel:2.6.8

* cpe:/o:linux:linux_kernel:2.6.8.1

* cpe:/o:linux:linux_kernel:2.6.9

* cpe:/o:linux:linux_kernel:2.6.33:rc1

* cpe:/o:linux:linux_kernel:2.6.33:rc2

* cpe:/o:linux:linux_kernel:2.6.33:rc4

* cpe:/o:linux:linux_kernel:2.6.33:rc5

* cpe:/o:linux:linux_kernel:2.6.34:rc3 and previous versions

* cpe:/o:linux:linux_kernel:2.6.34:rc2

* cpe:/o:linux:linux_kernel:2.6.34:rc1

* cpe:/o:linux:linux_kernel:2.6.33:rc6

* cpe:/o:linux:linux_kernel:2.6.33:rc3

* cpe:/o:linux:linux_kernel:2.6.33.2

* cpe:/o:linux:linux_kernel:2.6.33.1

* cpe:/o:linux:linux_kernel:2.6.33

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Input Validation (CWE-20)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2248