CVE-2010-4249
Published 2010-11-29
Priority: P4
Severity: medium (CVSS 2.0 base score 4.9)
CVSS 2.0 vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
EXPLOIT
EPSS: 0.90% (55.0th percentile)
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| linux | linux_kernel | < 2.6.37 | 2.6.37 |
| linux | linux_kernel | — | — |
| vmware | vmware_esxi | — | — |
| vmware | vmware_workstation | — | — |
| vmware | vsphere | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
| vendor_ubuntu | — | 7.8 | HIGH | — |
| vendor_redhat | — | 4.9 | MEDIUM | — |
VMware
VMware ESX third party updates for Service Console packages glibc and dhcp
vendor_vmware·2011-10-12·CVSS 4.7
CVE-2010-0296 [MEDIUM] VMware ESX third party updates for Service Console packages glibc and dhcp
VMSA-2011-0012: VMware ESX third party updates for Service Console packages glibc and dhcp
a. ESX third party update for Service Console kernel. This update takes the console OS kernel package to kernel-2.6.18-238.9.1, which resolves multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1083, CVE-2010-2492, CVE-2010-2798, CVE-2010-2938, CVE-2010-2942, CVE-2010-2943, CVE-2010-3015, CVE-2010-3066, CVE-2010-3067, CVE-2010-3078, CVE-2010-3086, CVE-2010-3296, CVE-2010-3432, CVE-2010-3442, CVE-2010-3477, CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3865, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-3904, CVE-2010-4072, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CV
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2011-08-09·CVSS 1.9
CVE-2010-4249 [LOW] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Multiple kernel flaws have been fixed.
Dan Rosenberg discovered that IPC structures were not correctly initialized
on 64bit systems. A local attacker could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-4073)
Steve Chen discovered that setsockopt did not correctly check MSS values. A
local attacker could make a specially crafted socket call to crash the
system, leading to a denial of service. (CVE-2010-4165)
Vladymyr Denysov discovered that Xen virtual CD-ROM devices were not
handled correctly. A local attacker in a guest could make crafted blkback
requests that would crash the host, leading to a denial of service.
(CVE-2010-4238)
Vegard Nossum discovered that memory garbage collection was not handled
corr
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2011-05-05·CVSS 7.8
CVE-2010-4164 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Multiple flaws fixed in the Linux kernel.
Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If
a system was using X.25, a remote attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-4164)
Vegard Nossum discovered that memory garbage collection was not handled
correctly for active sockets. A local attacker could exploit this to
allocate all available kernel memory, leading to a denial of service.
(CVE-2010-4249)
Nelson Elhage discovered that the kernel did not correctly handle process
cleanup after triggering a recoverable kernel bug. If a local attacker were
able to trigger certain kinds of kernel bugs, they could create a specially
crafted process to gain root privileges. (CVE-2010
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2011-04-20·CVSS 4.9
CVE-2010-2954 [MEDIUM] Linux kernel (OMAP4) vulnerabilities
Title: Linux kernel (OMAP4) vulnerabilities
Summary: Multiple security flaws have been fixed in the OMAP4 port of the Linux kernel.
Dan Rosenberg discovered that the RDS network protocol did not correctly
check certain parameters. A local attacker could exploit this to gain root
privileges. (CVE-2010-3904)
Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
dereference, escalate privileges by overflowing the kernel stack, and
assign Econet addresses to arbitrary interfaces. (CVE-2010-3848,
CVE-2010-3849, CVE-2010-3850)
Ben Hawkes discovered that the Linux kernel did not correctly validate
memory ranges on 64bit kernels when allocating memory on behalf of 32bit
system calls. On a 64bit system, a lo
Ubuntu
Linux Kernel vulnerabilities (Marvell Dove)
vendor_ubuntu·2011-03-25·CVSS 7.2
CVE-2010-2478 [HIGH] Linux Kernel vulnerabilities (Marvell Dove)
Title: Linux Kernel vulnerabilities (Marvell Dove)
Summary: An attacker could send crafted input to the kernel and cause it to
crash.
Dan Rosenberg discovered that the RDS network protocol did not correctly
check certain parameters. A local attacker could exploit this to gain root
privileges. (CVE-2010-3904)
Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
dereference, escalate privileges by overflowing the kernel stack, and
assign Econet addresses to arbitrary interfaces. (CVE-2010-3848,
CVE-2010-3849, CVE-2010-3850)
Ben Hutchings discovered that the ethtool interface did not correctly check
certain sizes. A local attacker could perform malicious ioctl calls that
could crash the system, leadin
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2011-03-03·CVSS 4.7
CVE-2009-4895 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Multiple kernel flaws.
Dan Rosenberg discovered that the RDS network protocol did not correctly
check certain parameters. A local attacker could exploit this to gain root
privileges. (CVE-2010-3904)
Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
dereference, escalate privileges by overflowing the kernel stack, and
assign Econet addresses to arbitrary interfaces. (CVE-2010-3848,
CVE-2010-3849, CVE-2010-3850)
Ben Hawkes discovered that the Linux kernel did not correctly filter
registers on 64bit kernels when performing 32bit system calls. On a 64bit
system, a local attacker could manipulate 32bit system calls to gain root
privileges. (CVE-2010-3301)
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2011-02-28·CVSS 4.7
CVE-2009-4895 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Multiple kernel flaws.
Dan Rosenberg discovered that the RDS network protocol did not correctly
check certain parameters. A local attacker could exploit this to gain root
privileges. (CVE-2010-3904)
Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
dereference, escalate privileges by overflowing the kernel stack, and
assign Econet addresses to arbitrary interfaces. (CVE-2010-3848,
CVE-2010-3849, CVE-2010-3850)
Ben Hawkes discovered that the Linux kernel did not correctly filter
registers on 64bit kernels when performing 32bit system calls. On a 64bit
system, a local attacker could manipulate 32bit system calls to gain root
privileges. (CVE-2010-3301)
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2011-02-25·CVSS 4.6
CVE-2010-4078 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Multiple kernel flaws.
Gleb Napatov discovered that KVM did not correctly check certain privileged
operations. A local attacker with access to a guest kernel could exploit
this to crash the host system, leading to a denial of service.
(CVE-2010-0435)
Dan Jacobson discovered that ThinkPad video output was not correctly access
controlled. A local attacker could exploit this to hang the system, leading
to a denial of service. (CVE-2010-3448)
It was discovered that KVM did not correctly initialize certain CPU
registers. A local attacker could exploit this to crash the system, leading
to a denial of service. (CVE-2010-3698)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local at
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2011-02-25·CVSS 4.7
CVE-2009-4895 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Multiple kernel flaws.
Al Viro discovered a race condition in the TTY driver. A local attacker
could exploit this to crash the system, leading to a denial of service.
(CVE-2009-4895)
Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly
check file permissions. A local attacker could overwrite append-only files,
leading to potential data loss. (CVE-2010-2066)
Dan Rosenberg discovered that the swapexit xfs ioctl did not correctly
check file permissions. A local attacker could exploit this to read from
write-only files, leading to a loss of privacy. (CVE-2010-2226)
Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory
manager did not properly handle when applications grow stacks into adjacent
memory regi
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2011-02-01·CVSS 4.6
CVE-2010-4079 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Multiple kernel vulnerabilities.
Gleb Napatov discovered that KVM did not correctly check certain privileged
operations. A local attacker with access to a guest kernel could exploit
this to crash the host system, leading to a denial of service.
(CVE-2010-0435)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges. (CVE-2010-3859)
Dan Rosenberg discovered that the Linux kernel X.25 implementation
incorrectly parsed facilities. A remote attacker could exploit this to
crash the kernel, leading to a denial of service. (CVE-2010-3873)
Dan Rosenberg discovered that the CAN protocol on 64bit systems did not
correctly calculate th
Red Hat
kernel: unix socket local dos
vendor_redhat·2010-11-24·CVSS 4.9
CVE-2010-4249 [MEDIUM] kernel: unix socket local dos
kernel: unix socket local dos
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.
GHSA
GHSA-g6g8-jgp3-m382: The wait_for_unix_gc function in net/unix/garbage
ghsa_unreviewed·2022-05-13
CVE-2010-4249 [MEDIUM] CWE-400 GHSA-g6g8-jgp3-m382: The wait_for_unix_gc function in net/unix/garbage
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.
No detection rules found.
arXiv
Timeloops: Automatic System Call Policy Learning for Containerized Microservices
arxiv_fulltext·2022-09-26
Timeloops: Automatic System Call Policy Learning for Containerized Microservices
Meghna Pancholi
Columbia University
Andreas D. Kellas
Columbia University
Vasileios P. Kemerlis
Brown University
Simha Sethumadhavan
Columbia University
## Abstract
We introduce Timeloops, a novel technique for automatically learning system
call filtering policies for containerized microservices applications. At
run-time, Timeloops automatically learns which system calls a program should
be allowed to invoke, while rejecting attempts to call spurious system calls.
Further, Timeloops addresses many of the shortcomings of state-of-the-art
static analysis-based techniques, such as the ability to generate tight filters
for programs written in interpreted languages such as PHP, Python, and
JavaScript. Timeloops has a simple and rob
arXiv
Quantitative Analysis of Active Cyber Defenses Based on Temporal Platform Diversity
arxiv_fulltext·2014-01-31
Quantitative Analysis of Active Cyber Defenses Based on Temporal Platform Diversity
This work is sponsored by the Department of Defense under Air Force Contract FA8721-05-C-0002. Opinions, interpretations, conclusions and recommendations are those of the author and are not necessarily endorsed by the United States Government.
Kevin M. Carter
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420
Hamed Okhravi
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420
James Riordan
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420
## Abstract
Active cyber defenses based on temporal platform diversity have been proposed
as a way to make systems more resistant to attacks. These defenses change the p
Bugzilla
CVE-2010-4249 kernel: unix socket local dos
bugzilla·2010-11-24·CVSS 4.9
CVE-2010-4249 [MEDIUM] CVE-2010-4249 kernel: unix socket local dos
CVE-2010-4249 kernel: unix socket local dos
http://lkml.org/lkml/2010/11/23/395
Reported by Vegard Nossum:
"I found this program lying around on my laptop. It kills my box (2.6.35) instantly by consuming a lot of memory (allocated by the kernel, so the process doesn't get killed by the OOM killer). As far as I can tell, the memory isn't being freed when the program exits either. Maybe it will eventually get cleaned up by the UNIX socket garbage collector thing, but in that case it doesn't get called quickly enough to save my machine at least."
Reproducer: http://lkml.org/lkml/2010/11/23/395
Partial fix: http://lkml.org/lkml/2010/11/23/450
Remaining fix: http://marc.info/?l=linux-netdev&m=129059035929046&w=2
From Eric Dumazet:
"we can eat all LOWMEM memory before unix_gc() being called fro
References
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=9915672d41273f5b77f1b3c29b391ffb7732b84b
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html
http://lkml.org/lkml/2010/11/23/395
http://lkml.org/lkml/2010/11/23/450
http://lkml.org/lkml/2010/11/25/8
http://marc.info/?l=linux-netdev&m=129059035929046&w=2
http://secunia.com/advisories/42354
http://secunia.com/advisories/42745
http://secunia.com/advisories/42890
http://secunia.com/advisories/42963
http://secunia.com/advisories/46397
http://www.exploit-db.com/exploits/15622/
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.37-rc3-next-20101125.bz2
http://www.openwall.com/lists/oss-security/2010/11/24/10
http://www.openwall.com/lists/oss-security/2010/11/24/2
http://www.redhat.com/support/errata/RHSA-2011-0007.html
http://www.redhat.com/support/errata/RHSA-2011-0162.html
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.securityfocus.com/bid/45037
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://www.vupen.com/english/advisories/2010/3321
http://www.vupen.com/english/advisories/2011/0168
https://bugzilla.redhat.com/show_bug.cgi?id=656756
Published: 2010-11-29