Vulnerability Name: CVE-2010-4161 (CCN-64497)
Assigned: 2010-11-10
Published: 2010-11-10
Updated: 2018-10-10
Summary: The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat build of the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (deadlock and system hang) by sending UDP traffic to a socket that has a crafted socket filter, a related issue to CVE-2010-4158.
CVSS v3 Severity:
  4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity:
  4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
  4.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:H/RL:OF/RC:C)
  1.8 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)
  4.3 Medium (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-399
Vulnerability Consequences: Denial of Service
References:
  Source: CCN Type: BugTraq Mailing List, Thu Nov 18 2010 - 12:13:23 CST Re: Kernel 0-day
  Source: MITRE Type: CNA CVE-2010-4161
  Source: CCN Type: Linux Kernel Archives Web site Linux Kernel Archives Web
  Source: CCN Type: RHSA-2011-0004 Important: kernel security, bug fix, and enhancement update
  Source: SECUNIA Type: UNKNOWN 42789
  Source: CCN Type: SA46397 VMware ESX / ESXi Server Multiple Vulnerabilities
  Source: SECUNIA Type: UNKNOWN 46397
  Source: CCN Type: OSVDB ID: 70264 Linux Kernel on RHEL net/ipv4/udp.c udp_queue_rcv_skb Function Socket Filter Remote DoS
  Source: REDHAT Type: UNKNOWN RHSA-2011:0004
  Source: BUGTRAQ Type: Exploit 20101118 Re: Kernel 0-day
  Source: BUGTRAQ Type: UNKNOWN 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
  Source: CCN Type: BID-45064 Linux Kernel 'net/' Subsystem Socket Filter CVE-2010-4161 Local Information Disclosure Vulnerability
  Source: MLIST Type: Patch [netdev] 20101110 Re: [PATCH] Prevent reading uninitialized memory with socket filters
  Source: CONFIRM Type: UNKNOWN http://www.vmware.com/security/advisories/VMSA-2011-0012.html
  Source: VUPEN Type: UNKNOWN ADV-2011-0024
  Source: CONFIRM Type: Patch https://bugzilla.redhat.com/show_bug.cgi?id=651698
  Source: CONFIRM Type: Exploit https://bugzilla.redhat.com/show_bug.cgi?id=652534
  Source: XF Type: UNKNOWN kernel-udpqueuercvskb-dos(64497)
Vulnerable Configuration:
  Configuration 1:
  Configuration RedHat 1:
  Configuration RedHat 2:
  Configuration RedHat 3:
  Configuration CCN 1:
  Denotes that component is vulnerable