CVE-2010-2959
Low
CVSS Score
Vulnerability Description
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.
Known Affected Software
7 configuration(s) from 4 vendor(s)
- debian_linux, Version: 5.0, CPE: cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- fedora, Version: 12, CPE: cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
- opensuse, Version: 11.3, CPE: cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
- linux_enterprise_real_time, Version: 11, CPE: cpe:2.3:o:suse:linux_enterprise_real_time:11:sp1:*:*:*:*:*:*
- linux_enterprise_high_availability_extension, Version: 11, CPE: cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:-:*:*:*:*:*:*
- linux_enterprise_server, Version: 11, CPE: cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:-:*:*:*
- linux_enterprise_desktop, Version: 11, CPE: cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*
This vulnerability affects 7 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5b75c4973ce779520b9d1e392483207d6f842cde (source: security@ubuntu.com)
- http://jon.oberheide.org/files/i-can-haz-modharden.c (source: security@ubuntu.com; tags: Exploit, Mailing List, Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046947.html (source: security@ubuntu.com; tags: Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html (source: security@ubuntu.com; tags: Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html (source: security@ubuntu.com; tags: Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html (source: security@ubuntu.com; tags: Mailing List, Third Party Advisory)
- http://secunia.com/advisories/41512 (source: security@ubuntu.com; tags: Broken Link)
- http://www.debian.org/security/2010/dsa-2094 (source: security@ubuntu.com; tags: Third Party Advisory)
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53 (source: security@ubuntu.com; tags: Broken Link)
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21 (source: security@ubuntu.com; tags: Broken Link)
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6 (source: security@ubuntu.com; tags: Broken Link)
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4 (source: security@ubuntu.com; tags: Broken Link)
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:198 (source: security@ubuntu.com; tags: Broken Link)
- http://www.openwall.com/lists/oss-security/2010/08/20/2 (source: security@ubuntu.com; tags: Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/42585 (source: security@ubuntu.com; tags: Exploit, Third Party Advisory, VDB Entry)
- http://www.vupen.com/english/advisories/2010/2430 (source: security@ubuntu.com; tags: Broken Link)
- http://www.vupen.com/english/advisories/2011/0298 (source: security@ubuntu.com; tags: Broken Link)
- https://bugzilla.redhat.com/show_bug.cgi?id=625699 (source: security@ubuntu.com; tags: Issue Tracking, Patch, Third Party Advisory)
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-190
Top 25 #22
Integer Overflow or Wraparound
- Description: The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value…
- Exploit Likelihood: Medium
- Typical Severity: High
- Abstraction Level: Base
Key Information
- Published Date: September 08, 2010
