Vulnerability Name: | CVE-2010-2521 (CCN-61008) | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Assigned: | 2010-04-20 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Published: | 2010-04-20 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Updated: | 2023-02-13 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Summary: | Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and nfsd4_decode_compound functions. | ||||||||||||||||||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
6.2 Medium (REDHAT Temporal CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-119 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2010-2521 Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: RHSA-2010-0606 Important: kernel security and bug fix update Source: CCN Type: RHSA-2010-0610 Important: kernel security and bug fix update Source: CCN Type: RHSA-2010-0631 Important: kernel-rt security and bug fix update Source: CCN Type: RHSA-2010-0893 Important: kernel security and bug fix update Source: CCN Type: RHSA-2010-0907 Important: kernel security and bug fix update Source: CCN Type: SA43315 VMware ESX Server Multiple Kernel Vulnerabilities Source: CCN Type: SECTRACK ID: 1024286 Linux Kernel NFS Server-Side XDR Buffer Overflow May Let Remote Users Execute Arbitrary Code Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: DEBIAN Type: DSA-2094 linux-2.6 -- privilege escalation/denial of service/information leak Source: CCN Type: The Linux Kernel Archives Web site The Linux Kernel Archives Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: OSVDB ID: 67243 Linux Kernel fs/nfsd/nfs4xdr.c NFS XDR Compound Request Handling Overflow Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: BID-42249 Linux Kernel XDR Implementation Local Buffer Overflow Vulnerability Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: Red Hat Bugzilla Bug 612028 CVE-2010-2521 kernel: nfsd4: bug in read_buf Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: XF Type: UNKNOWN kernel-readbuf-bo(61008) Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: SUSE Type: SUSE-SA:2010:036 Linux kernel security update Source: SUSE Type: SUSE-SA:2010:038 Linux kernel security update Source: SUSE Type: SUSE-SA:2010:040 Linux kernel security update Source: SUSE Type: SUSE-SA:2010:046 openSUSE 11.2 kernel security update | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1: ![]() | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||
BACK |