Vulnerability DatabaseCVE-2010-4249
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2010-4249
November 29, 2010
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.
Related Resources (25)
http://www.vupen.com/english/advisories/2011/0168
http://secunia.com/advisories/42890
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.37-rc3-next-20101125.bz2
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://access.redhat.com/security/cve/CVE-2010-4249
http://www.vupen.com/english/advisories/2010/3321
https://bugzilla.redhat.com/show_bug.cgi?id=656756
http://secunia.com/advisories/42745
http://www.redhat.com/support/errata/RHSA-2011-0007.html
http://secunia.com/advisories/42354
http://secunia.com/advisories/42963
http://www.securityfocus.com/bid/45037
http://www.openwall.com/lists/oss-security/2010/11/24/2
http://marc.info/?l=linux-netdev&m=129059035929046&w=2
http://www.exploit-db.com/exploits/15622/
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=9915672d41273f5b77f1b3c29b391ffb7732b84b
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.openwall.com/lists/oss-security/2010/11/24/10
https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4249
http://secunia.com/advisories/46397
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html
http://www.redhat.com/support/errata/RHSA-2011-0162.html
http://lkml.org/lkml/2010/11/23/395
http://lkml.org/lkml/2010/11/25/8
http://lkml.org/lkml/2010/11/23/450
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.2
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
CVSS v2
Base Score:
4.9
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
Weakness Type (CWE)
Uncontrolled Resource Consumption
CWE-400
EPSS
Base Score:
0.09