PT-2010-5620 · Debian+1 · Linux+1

Eugene Teo

Published

1970-01-01

Updated

2024-02-02

CVE-2010-1437

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions linux-image-2.6.26-2-vserver-686-bigmem version 2.6.26-2 linux-headers-2.6.26-2-all-mips version 2.6.26-2 linux-headers-2.6.26-2-ixp4xx version 2.6.26-2 linux-image-2.6.26-2-vserver-sparc64 version 2.6.26-2 linux-headers-2.6.26-2-s390 version 2.6.26-2 linux-headers-2.6.26-2-all-s390 version 2.6.26-2 linux-headers-2.6.26-2-686-bigmem version 2.6.26-2 linux-headers-2.6.26-2-vserver-powerpc version 2.6.26-2 linux-image-2.6.26-2-parisc version 2.6.26-2 linux-image-2.6.26-2-sparc64 version 2.6.26-2 linux-headers-2.6.26-2-r4k-ip22 version 2.6.26-2 linux-headers-2.6.26-2-mckinley version 2.6.26-2 linux-headers-2.6.26-2-xen-686 version 2.6.26-2 linux-image-2.6.26-2-parisc64-smp version 2.6.26-2 linux-doc-2.6.26 version 2.6.26 linux-headers-2.6.26-2-r4k-ip22 version 2.6.26-2 linux-headers-2.6.26-2-iop32x version 2.6.26-2 linux-headers-2.6.26-2-r5k-ip32 version 2.6.26-2 linux-image-2.6.26-2-s390-tape version 2.6.26-2 linux-image-2.6.26-2-alpha-generic version 2.6.26-2 linux-headers-2.6.26-2-vserver-amd64 version 2.6.26-2 linux-image-2.6.26-2-486 version 2.6.26-2 linux-headers-2.6.26-2-powerpc64 version 2.6.26-2 linux-headers-2.6.26-2-versatile version 2.6.26-2 linux-headers-2.6.26-2-openvz-686 version 2.6.26-2 linux-headers-2.6.26-2-alpha-generic version 2.6.26-2 linux-headers-2.6.26-2-itanium version 2.6.26-2 linux-image-2.6.26-2-vserver-amd64 version 2.6.26-2 linux-image-2.6.26-2-vserver-s390x version 2.6.26-2 linux-headers-2.6.26-2-vserver-686-bigmem version 2.6.26-2 linux-headers-2.6.26-2-5kc-malta version 2.6.26-2 linux-headers-2.6.26-2-all-sparc version 2.6.26-2 linux-headers-2.6.26-2-sparc64 version 2.6.26-2 linux-image-2.6.26-2-amd64 version 2.6.26-2 linux-tree-2.6.26 version 2.6.26 linux-modules-2.6.26-2-xen-686 version 2.6.26-2 linux-image-2.6.26-2-vserver-686 version 2.6.26-2 linux-image-2.6.26-2-5kc-malta version 2.6.26-2 linux-image-2.6.26-2-4kc-malta version 2.6.26-2 linux-image-2.6.26-2-alpha-smp version 2.6.26-2 linux-headers-2.6.26-2-4kc-malta version 2.6.26-2 linux-headers-2.6.26-2-r5k-cobalt version 2.6.26-2 linux-headers-2.6.26-2-all-i386 version 2.6.26-2 linux-image-2.6.26-2-iop32x version 2.6.26-2 linux-headers-2.6.26-2-vserver-s390x version 2.6.26-2 linux-headers-2.6.26-2-all-mipsel version 2.6.26-2 linux-image-2.6.26-2-openvz-amd64 version 2.6.26-2 linux-headers-2.6.26-2-all-arm version 2.6.26-2 linux-headers-2.6.26-2-all-alpha version 2.6.26-2 linux-headers-2.6.26-2-vserver-686 version 2.6.26-2 linux-image-2.6.26-2-vserver-itanium version 2.6.26-2 linux-headers-2.6.26-2-common-xen version 2.6.26-2 linux-headers-2.6.26-2-all-hppa version 2.6.26-2 linux-image-2.6.26-2-footbridge version 2.6.26-2 linux-image-2.6.26-2-xen-amd64 version 2.6.26-2 linux-modules-2.6.26-2-xen-amd64 version 2.6.26-2 linux-headers-2.6.26-2-amd64 version 2.6.26-2 linux-image-2.6.26-2-mckinley version 2.6.26-2 linux-image-2.6.26-2-versatile version 2.6.26-2 linux-headers-2.6.26-2-all-amd64 version 2.6.26-2 linux-image-2.6.26-2-itanium version 2.6.26-2 linux-image-2.6.26-2-powerpc64 version 2.6.26-2 linux-headers-2.6.26-2-sparc64-smp version 2.6.26-2 linux-manual-2.6.26 version 2.6.26 linux-headers-2.6.26-2-xen-amd64 version 2.6.26-2 linux-image-2.6.26-2-powerpc-smp version 2.6.26-2 linux-headers-2.6.26-2-vserver-powerpc64 version 2.6.26-2 linux-image-2.6.26-2-sparc64-smp version 2.6.26-2 linux-image-2.6.26-2-r5k-ip32 version 2.6.26-2 linux-image-2.6.26-2-s390x version 2.6.26-2 linux-image-2.6.26-2-r5k-cobalt version 2.6.26-2 linux-headers-2.6.26-2-powerpc-smp version 2.6.26-2 linux-headers-2.6.26-2-orion5x version 2.6.26-2 linux-headers-2.6.26-2-openvz-amd64 version 2.6.26-2 linux-image-2.6.26-2-vserver-powerpc version 2.6.26-2 linux-headers-2.6.26-2-686 version 2.6.26-2 linux-image-2.6.26-2-686-bigmem version 2.6.26-2 linux-image-2.6.26-2-orion5x version 2.6.26-2 linux-headers-2.6.26-2-all-powerpc version 2.6.26-2 linux-image-2.6.26-2-vserver-powerpc64 version 2.6.26-2 linux-patch-debian-2.6.26 version 2.6.26 linux-image-2.6.26-2-ixp4xx version 2.6.26-2 linux-image-2.6.26-2-parisc-smp version 2.6.26-2 linux-headers-2.6.26-2-486 version 2.6.26-2 linux-image-2.6.26-2-parisc64 version 2.6.26-2 linux-image-2.6.26-2-powerpc version 2.6.26-2 linux-headers-2.6.26-2-vserver-sparc64 version 2.6.26-2 linux-headers-2.6.26-2-all version 2.6.26-2 linux-source-2.6.26 version 2.6.26 linux-headers-2.6.26-2-parisc64-smp version 2.6.26-2 linux-image-2.6.26-2-xen-686 version 2.6.26-2 linux-image-2.6.26-2-686 version 2.6.26-2 linux-headers-2.6.26-2-alpha-legacy version 2.6.26-2 linux-headers-2.6.26-2-parisc-smp version 2.6.26-2 linux-headers-2.6.26-2-all-ia64 version 2.6.26-2 linux-headers-2.6.26-2-vserver-itanium version 2.6.26-2 linux-headers-2.6.26-2-alpha-smp version 2.6.26-2 linux-headers-2.6.26-2-sb1-bcm91250a version 2.6.26-2 linux-image-2.6.26-2-sb1a-bcm91480b version 2.6.26-2 linux-image-2.6.26-2-openvz-686 version 2.6.26-2 linux-headers-2.6.26-2-footbridge version 2.6.26-2 linux-support-2.6.26-2 version 2.6.26-2 linux-headers-2.6.26-2-powerpc version 2.6.26-2 linux-headers-2.6.26-2-s390x version 2.6.26-2 linux-image-2.6.26-2-alpha-legacy version 2.6.26-2 linux-headers-2.6.26-2-all-armel version 2.6.26-2 linux-headers-2.6.26-2-parisc64 version 2.6.26-2 linux-headers-2.6.26-2-vserver-mckinley version 2.6.26-2 linux-headers-2.6.26-2-sb1a-bcm91480b version 2.6.26-2 linux-libc-dev version 2.6.26-2 linux-headers-2.6.26-2-common-vserver version 2.6.26-2 linux-image-2.6.26-2-vserver-mckinley version 2.6.26-2 linux-headers-2.6.26-2-common-openvz version 2.6.26-2 linux-headers-2.6.26-2-common version 2.6.26-2 linux-image-2.6.26-2-sb1-bcm91250a version 2.6.26-2 linux-image-2.6.26-2-s390 version 2.6.26-2

Description The issue is related to multiple vulnerabilities in the Linux kernel, specifically in the Debian GNU/Linux operating system. These vulnerabilities can be exploited remotely, leading to a denial of service (memory corruption and system crash) or possibly other unspecified impacts. The vulnerabilities are present in various packages, including linux-image and linux-headers, and can be exploited through keyctl session commands that trigger access to a dead keyring undergoing deletion by the key cleanup function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Memory Corruption

Use After Free

Race Condition

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-399CWE-20CWE-787CWE-416CWE-362CWE-476

Related Identifiers

BDU:2015-01013

BDU:2015-01014

BDU:2015-01015

BDU:2015-01016

BDU:2015-01017

BDU:2015-01018

BDU:2015-01019

BDU:2015-01020

BDU:2015-01021

BDU:2015-01022

BDU:2015-01023

BDU:2015-01024

BDU:2015-01025

BDU:2015-01026

BDU:2015-01027

BDU:2015-01028

BDU:2015-01029

BDU:2015-01030

BDU:2015-01031

BDU:2015-01032

BDU:2015-01033

BDU:2015-01034

BDU:2015-01035

BDU:2015-01036

BDU:2015-01037

BDU:2015-01038

BDU:2015-01039

BDU:2015-01040

BDU:2015-01041

BDU:2015-01042

BDU:2015-01043

BDU:2015-01044

BDU:2015-01045

BDU:2015-01046

BDU:2015-01047

BDU:2015-01048

BDU:2015-01049

BDU:2015-01050

BDU:2015-01053

BDU:2015-01054

BDU:2015-01055

BDU:2015-01056

BDU:2015-01057

BDU:2015-01058

BDU:2015-01059

BDU:2015-01060

BDU:2015-01061

BDU:2015-01062

BDU:2015-01063

BDU:2015-01064

BDU:2015-01065

BDU:2015-01066

BDU:2015-01067

BDU:2015-01068

BDU:2015-01069

BDU:2015-01070

BDU:2015-01071

BDU:2015-01072

BDU:2015-01073

BDU:2015-01074

BDU:2015-01075

BDU:2015-01076

BDU:2015-01077

BDU:2015-01078

BDU:2015-01079

BDU:2015-01080

BDU:2015-01081

BDU:2015-01082

BDU:2015-01083

BDU:2015-01084

BDU:2015-01085

BDU:2015-01086

BDU:2015-01087

BDU:2015-01088

BDU:2015-01089

BDU:2015-01090

BDU:2015-01091

BDU:2015-01092

BDU:2015-01093

BDU:2015-01094

BDU:2015-01095

BDU:2015-01096

BDU:2015-01097

BDU:2015-01098

BDU:2015-01099

BDU:2015-01100

BDU:2015-01101

BDU:2015-01102

BDU:2015-01103

BDU:2015-01104

BDU:2015-01105

BDU:2015-01106

BDU:2015-01107

BDU:2015-01108

BDU:2015-01109

BDU:2015-01110

BDU:2015-01111

BDU:2015-01112

BDU:2015-01113

BDU:2015-01114

BDU:2015-01115

BDU:2015-01116

BDU:2015-01117

BDU:2015-01118

BDU:2015-01119

BDU:2015-01120

BDU:2015-01121

BDU:2015-01122

BDU:2015-01123

BDU:2015-01124

BDU:2015-01125

BDU:2015-01126

BDU:2015-01127

BDU:2015-01128

BDU:2015-01129

BDU:2015-01130

BDU:2015-01131

CVE-2010-1437

DSA-2053-1

RHSA-2010:0474

RHSA-2010:0504

RHSA-2010:0631

RHSA-2010_0474

RHSA-2010_0504

Affected Products

Linux

Red Hat

PT-2010-5620 · Debian+1 · Linux+1

CVE-2010-1437

Weakness Enumeration

Related Identifiers

Affected Products

References · 173