Vulnerability Name:

CVE-2010-4565 (CCN-63042)

Assigned:2010-11-02
Published:2010-11-02
Updated:2020-08-10
Summary:The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
2.1 Low (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.7 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-200
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2010-4565

Source: CCN
Type: The Linux Kernel Archives Web site
The Linux Kernel Archives Web

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20101103 CVE request: kernel: CAN information leak

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20101104 Re: CVE request: kernel: CAN information leak

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20101220 CVE request: kernel: CAN information leak, 2nd attempt

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt

Source: CCN
Type: oss-security
CVE request: kernel: CAN information leak

Source: CCN
Type: RHSA-2010-0958
Important: kernel-rt security and bug fix update

Source: CCN
Type: RHSA-2011-0330
Important: kernel-rt security and bug fix update

Source: CCN
Type: RHSA-2011-0498
Important: kernel security, bug fix, and enhancement update

Source: DEBIAN
Type: DSA-2126
linux-2.6 -- privilege escalation/denial of service/information leak

Source: DEBIAN
Type: DSA-2153
linux-2.6 -- privilege escalation/denial of service/information leak

Source: MANDRIVA
Type: Third Party Advisory
MDVSA-2011:029

Source: CCN
Type: OSVDB ID: 70229
Linux Kernel Controller Area Network net/can/bcm.c bcm_connect Function Kernel Memory Address Filename Local Information Disclosure

Source: BID
Type: Third Party Advisory, VDB Entry
44661

Source: CCN
Type: BID-44661
Linux Kernel CAN Protocol Information Disclosure Vulnerability

Source: MLIST
Type: Exploit, Mailing List, Third Party Advisory
[netdev] 20101102 [SECURITY] CAN info leak/minor heap overflow

Source: MLIST
Type: Mailing List, Third Party Advisory
[netdev] 20101102 Re: [SECURITY] CAN info leak/minor heap overflow

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[netdev] 20101109 Re: [PATCH] Fix CAN info leak/minor heap overflow

Source: MLIST
Type: Mailing List, Third Party Advisory
[netdev] 20101110 Re: [PATCH] Fix CAN info leak/minor heap overflow

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=664544

Source: XF
Type: UNKNOWN
linux-kernel-bcmconnect-info-disc(63042)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 2.6.36)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.6.0:-:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:28004
    P
    		ELSA-2011-2015 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update (important)
    2015-03-16
    oval:org.mitre.oval:def:15138
    P
    		USN-1187-1 -- Linux kernel (Maverick backport) vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:13909
    P
    		USN-1164-1 -- linux-fsl-imx51 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:15398
    P
    		USN-1202-1 -- Linux kernel (OMAP4) vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:13956
    P
    		USN-1162-1 -- linux-mvl-dove vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:13238
    P
    		USN-1160-1 -- linux vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:14138
    P
    		USN-1141-1 -- linux, linux-ec2 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:13900
    P
    		USN-1159-1 -- linux-mvl-dove vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:12874
    P
    		DSA-2153-1 linux-2.6 -- privilege escalation/denial of service/information leak
    2014-06-23
    oval:org.mitre.oval:def:23384
    P
    		ELSA-2011:0498: kernel security, bug fix, and enhancement update (Important)
    2014-05-26
    oval:org.mitre.oval:def:21924
    P
    		RHSA-2011:0498: kernel security, bug fix, and enhancement update (Important)
    2014-02-24
    oval:com.redhat.rhsa:def:20110498
    P
    		RHSA-2011:0498: kernel security, bug fix, and enhancement update (Important)
    2011-05-10
    BACK
    linux linux kernel *
    linux linux kernel 2.6.0
    debian debian linux 5.0
    redhat enterprise linux 6
    redhat enterprise linux 6
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6