cvelistv5 - cve-2010-1088

CVE-2010-1088 (GCVE-0-2010-1088)

Vulnerability from cvelistv5

Published

2010-04-06 22:00

Modified

2024-08-07 01:14

Severity ?

CWE

Summary

fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount "symlinks," which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW.

References

URL

Tags

	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=ac278a9c505092dd82077a2446af8f9fc0d9c095	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDVSA-2010:198	vendor-advisory, x_refsource_MANDRIVA
	http://www.openwall.com/lists/oss-security/2010/02/24/3	mailing-list, x_refsource_MLIST
	http://www.mandriva.com/security/advisories?name=MDVSA-2010:088	vendor-advisory, x_refsource_MANDRIVA
	http://www.securityfocus.com/bid/39044	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/43315	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html	vendor-advisory, x_refsource_SUSE
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10093	vdb-entry, signature, x_refsource_OVAL
	http://www.novell.com/linux/security/advisories/2010_23_kernel.html	vendor-advisory, x_refsource_SUSE
	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	x_refsource_CONFIRM
	http://secunia.com/advisories/39742	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=567813	x_refsource_CONFIRM
	http://www.debian.org/security/2010/dsa-2053	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/archive/1/516397/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/39830	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:14:05.650Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=ac278a9c505092dd82077a2446af8f9fc0d9c095"
          },
          {
            "name": "MDVSA-2010:198",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
          },
          {
            "name": "[oss-security] 20100224 CVE request: kernel: NFS DoS related to \"automount\" symlinks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/02/24/3"
          },
          {
            "name": "MDVSA-2010:088",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:088"
          },
          {
            "name": "39044",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/39044"
          },
          {
            "name": "43315",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43315"
          },
          {
            "name": "SUSE-SA:2010:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10093",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10093"
          },
          {
            "name": "SUSE-SA:2010:023",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2010_23_kernel.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "39742",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39742"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=567813"
          },
          {
            "name": "DSA-2053",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2053"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "39830",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39830"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-02-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount \"symlinks,\" which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=ac278a9c505092dd82077a2446af8f9fc0d9c095"
        },
        {
          "name": "MDVSA-2010:198",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
        },
        {
          "name": "[oss-security] 20100224 CVE request: kernel: NFS DoS related to \"automount\" symlinks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/02/24/3"
        },
        {
          "name": "MDVSA-2010:088",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:088"
        },
        {
          "name": "39044",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/39044"
        },
        {
          "name": "43315",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43315"
        },
        {
          "name": "SUSE-SA:2010:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10093",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10093"
        },
        {
          "name": "SUSE-SA:2010:023",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2010_23_kernel.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "39742",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39742"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=567813"
        },
        {
          "name": "DSA-2053",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2053"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "39830",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39830"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1088",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount \"symlinks,\" which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ac278a9c505092dd82077a2446af8f9fc0d9c095",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ac278a9c505092dd82077a2446af8f9fc0d9c095"
            },
            {
              "name": "MDVSA-2010:198",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
            },
            {
              "name": "[oss-security] 20100224 CVE request: kernel: NFS DoS related to \"automount\" symlinks",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2010/02/24/3"
            },
            {
              "name": "MDVSA-2010:088",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:088"
            },
            {
              "name": "39044",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/39044"
            },
            {
              "name": "43315",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43315"
            },
            {
              "name": "SUSE-SA:2010:019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10093",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10093"
            },
            {
              "name": "SUSE-SA:2010:023",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2010_23_kernel.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "39742",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39742"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=567813",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=567813"
            },
            {
              "name": "DSA-2053",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2010/dsa-2053"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            },
            {
              "name": "39830",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39830"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1088",
    "datePublished": "2010-04-06T22:00:00.000Z",
    "dateReserved": "2010-03-23T00:00:00.000Z",
    "dateUpdated": "2024-08-07T01:14:05.650Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2010-AVI-553

Vulnerability from certfr_avis

De multiples vulnérabilités sont présentes dans VMware ESX et ESXi. L'exploitation réussie de celles-ci permet entre autres l'exécution de code arbitraire à distance.

Description

Une mise à jour du noyau de Service Console OS corrige les vulnérabilités suivantes:

CVE-2010-0291 (élévation de privilèges et déni de service)
CVE-2010-0307 (déni de service)
CVE-2010-0415 (déni de service)
CVE-2010-0622 (déni de service)
CVE-2010-1087 (déni de service)
CVE-2010-1088 (impact non défini)
CVE-2010-1437 (déni de service)

La version 4.0 de VMware ESX est impactée mais le correctif n'est pas encore disponible à la date de rédaction de cet avis.

De même une mise à jour des paquets likewise corrige les vulnérabilités suivantes:

CVE-2009-0844 (déni de service à distance)
CVE-2009-0845 (déni de service à distance)
CVE-2009-0846 (exécution de code arbitraire à distance)
CVE-2009-4212 (exécution de code arbitraire à distance)
CVE-2010-1321 (déni de service)

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	ESXi	VMware ESXi version 4.1.
	VMware	ESXi	VMware ESX versions 4.0 et 4.1 ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2010-0016 du 15 novembre 2010	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2010-0016 du 15 novembre 2010	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESXi version 4.1.",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX versions 4.0 et 4.1 ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne mise \u00e0 jour du noyau de Service Console OS corrige les\nvuln\u00e9rabilit\u00e9s suivantes:\n\n-   CVE-2010-0291 (\u00e9l\u00e9vation de privil\u00e8ges et d\u00e9ni de service)\n-   CVE-2010-0307 (d\u00e9ni de service)\n-   CVE-2010-0415 (d\u00e9ni de service)\n-   CVE-2010-0622 (d\u00e9ni de service)\n-   CVE-2010-1087 (d\u00e9ni de service)\n-   CVE-2010-1088 (impact non d\u00e9fini)\n-   CVE-2010-1437 (d\u00e9ni de service)\n\nLa version 4.0 de VMware ESX est impact\u00e9e mais le correctif n\u0027est pas\nencore disponible \u00e0 la date de r\u00e9daction de cet avis.\n\nDe m\u00eame une mise \u00e0 jour des paquets likewise corrige les vuln\u00e9rabilit\u00e9s\nsuivantes:\n\n-   CVE-2009-0844 (d\u00e9ni de service \u00e0 distance)\n-   CVE-2009-0845 (d\u00e9ni de service \u00e0 distance)\n-   CVE-2009-0846 (ex\u00e9cution de code arbitraire \u00e0 distance)\n-   CVE-2009-4212 (ex\u00e9cution de code arbitraire \u00e0 distance)\n-   CVE-2010-1321 (d\u00e9ni de service)\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0846"
    },
    {
      "name": "CVE-2010-0415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0415"
    },
    {
      "name": "CVE-2010-1321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1321"
    },
    {
      "name": "CVE-2010-0622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0622"
    },
    {
      "name": "CVE-2010-0307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0307"
    },
    {
      "name": "CVE-2010-0291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0291"
    },
    {
      "name": "CVE-2010-1087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1087"
    },
    {
      "name": "CVE-2010-1088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1088"
    },
    {
      "name": "CVE-2009-0844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0844"
    },
    {
      "name": "CVE-2010-1437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1437"
    },
    {
      "name": "CVE-2009-0845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0845"
    },
    {
      "name": "CVE-2009-4212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4212"
    }
  ],
  "initial_release_date": "2010-11-17T00:00:00",
  "last_revision_date": "2010-11-17T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2010-0016 du 15 novembre    2010",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000108.html"
    }
  ],
  "reference": "CERTA-2010-AVI-553",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-11-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e \u003cspan class=\"textit\"\u003eESX\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eESXi\u003c/span\u003e. L\u0027exploitation r\u00e9ussie de celles-ci permet\nentre autres l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMWare ESX et ESXi",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2010-0016 du 15 novembre 2010",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-1088 (GCVE-0-2010-1088)

Vulnerability from cvelistv5

CERTA-2010-AVI-553

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature