PT-2010-4487 · Carnegie Mellon University · Coda Filesystem Kernel Module

Publicado

2010-08-20

Atualizado

2018-10-10

CVE-2010-3014

CVSS v2.0

1.2

Baixa

Vetor

AV:L/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Coda filesystem kernel module (affected versions not specified)

Description The issue allows local users to read sensitive heap memory. This is achieved by using a large out size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read when Coda is loaded and Venus is running with /coda mounted.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2010-3014

Produtos afetados

Coda Filesystem Kernel Module

PT-2010-4487 · Carnegie Mellon University · Coda Filesystem Kernel Module

CVE-2010-3014

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5