PT-2010-4487 · Carnegie Mellon University · Coda Filesystem Kernel Module

Published

2010-08-20

Updated

2018-10-10

CVE-2010-3014

CVSS v2.0

1.2

Low

Vector

AV:L/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Coda filesystem kernel module (affected versions not specified)

Description The issue allows local users to read sensitive heap memory. This is achieved by using a large out size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read when Coda is loaded and Venus is running with /coda mounted.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2010-3014

Affected Products

Coda Filesystem Kernel Module

PT-2010-4487 · Carnegie Mellon University · Coda Filesystem Kernel Module

CVE-2010-3014

Weakness Enumeration

Related Identifiers

Affected Products

References · 5