CVE-2010-3876
CVE-2010-3876
net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=67286640f638f5ad41a946b9a3dc75327950248fhttp://marc.info/?l=linux-netdev&m=128854507220908&w=2http://openwall.com/lists/oss-security/2010/11/02/10http://openwall.com/lists/oss-security/2010/11/02/12http://openwall.com/lists/oss-security/2010/11/02/7http://openwall.com/lists/oss-security/2010/11/02/9http://openwall.com/lists/oss-security/2010/11/04/5https://bugzilla.redhat.com/show_bug.cgi?id=649715http://secunia.com/advisories/42789http://secunia.com/advisories/42890http://secunia.com/advisories/42963http://secunia.com/advisories/46397