Details of VAR-201009-0269

ID

VAR-201009-0269

CVE

CVE-2010-2530

TITLE

NetBSD Of kernels used in products such as smb_subr.c Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2010-002957

DESCRIPTION

Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call. Multiple BSD kernels are prone to multiple local denial-of-service vulnerabilities because they fail to properly verify signedness of user-supplied values. Attackers can exploit these issues to cause the kernel to panic, denying service to legitimate users. Given the nature of these issues, attackers may be able to execute arbitrary code, but this has not been confirmed. These issues affect versions prior to the 'netsmb' kernel module 1.35 on NetBSD, FreeBSD, and Apple OS X where 'netsmb' is available as a kernel extension. NetBSD/FreeBSD/Apple Mac OS X are all operating systems based on the BSD system. This vulnerability has been confirmed in the ioctl response of (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION

Trust: 1.98

sources: NVD: CVE-2010-2530 // JVNDB: JVNDB-2010-002957 // BID: 41557 // VULHUB: VHN-45135

AFFECTED PRODUCTS

vendor:	netbsd	model:	netbsd	scope:	eq	version:	2.1	Trust: 1.6
vendor:	netbsd	model:	netbsd	scope:	eq	version:	2.0	Trust: 1.6
vendor:	netbsd	model:	netbsd	scope:	eq	version:	3.0	Trust: 1.6
vendor:	netbsd	model:	netbsd	scope:	eq	version:	2.0.3	Trust: 1.6
vendor:	netbsd	model:	netbsd	scope:	eq	version:	2.0.2	Trust: 1.6
vendor:	netbsd	model:	netbsd	scope:	eq	version:	3.1	Trust: 1.6
vendor:	netbsd	model:	netbsd	scope:	eq	version:	2.1.1	Trust: 1.6
vendor:	netbsd	model:	netbsd	scope:	eq	version:	2.0.1	Trust: 1.6
vendor:	netbsd	model:	netbsd	scope:	eq	version:	2.0.4	Trust: 1.6
vendor:	netbsd	model:	netbsd	scope:	eq	version:	3.99.15	Trust: 1.6
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.3.2	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.6	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.4.3	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.4.1	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	*	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	4.0	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.4.2	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	3.0.2	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.1	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.3	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.5	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.0	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.5.1	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.3.3	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.0	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.3.1	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.6.1	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.5.3	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	lte	version:	5.0.2	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	0.8	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.2	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.2.1	Trust: 1.0
vendor:	freebsd	model:	freebsd	scope:	eq	version:	*	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.6.2	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.5.2	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.4	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	0.9	Trust: 1.0
vendor:	freebsd	model:	freebsd	scope:	eq	version:	5.3	Trust: 0.8
vendor:	netbsd	model:	netbsd	scope:	eq	version:	1.5 5.0.2	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	-	version:	-	Trust: 0.8
vendor:	netbsd	model:	current	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	-current	scope:	-	version:	-	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.8	Trust: 0.3

sources: BID: 41557 // JVNDB: JVNDB-2010-002957 // CNNVD: CNNVD-201009-281 // NVD: CVE-2010-2530

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-2530
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-2530
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201009-281
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-45135
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-2530
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-45135
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-45135 // JVNDB: JVNDB-2010-002957 // CNNVD: CNNVD-201009-281 // NVD: CVE-2010-2530

PROBLEMTYPE DATA

problemtype:

CWE-189

Trust: 1.9

sources: VULHUB: VHN-45135 // JVNDB: JVNDB-2010-002957 // NVD: CVE-2010-2530

THREAT TYPE

local

Trust: 0.9

sources: BID: 41557 // CNNVD: CNNVD-201009-281

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201009-281

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002957

PATCH

title:	Apple OS X	url:	http://www.apple.com/macosx/	Trust: 0.8
title:	Top Page	url:	http://www.freebsd.org/	Trust: 0.8
title:	Top Page	url:	http://www.netbsd.org/	Trust: 0.8

sources: JVNDB: JVNDB-2010-002957

EXTERNAL IDS

db:	NVD	id:	CVE-2010-2530	Trust: 2.8
db:	BID	id:	41557	Trust: 2.0
db:	OPENWALL	id:	OSS-SECURITY/2010/07/12/6	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2010/07/16/2	Trust: 1.7
db:	JVNDB	id:	JVNDB-2010-002957	Trust: 0.8
db:	CNNVD	id:	CNNVD-201009-281	Trust: 0.7
db:	MLIST	id:	[OSS-SECURITY] 20100716 RE: CVE REQUEST: NETSMB BSD KERNEL MODULE (MINOR)	Trust: 0.6
db:	MLIST	id:	[OSS-SECURITY] 20100712 CVE REQUEST: NETSMB BSD KERNEL MODULE (MINOR)	Trust: 0.6
db:	VULHUB	id:	VHN-45135	Trust: 0.1

sources: VULHUB: VHN-45135 // BID: 41557 // JVNDB: JVNDB-2010-002957 // CNNVD: CNNVD-201009-281 // NVD: CVE-2010-2530

REFERENCES

url:	http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netsmb/smb_subr.c.diff?r1=1.34&r2=1.35&only_with_tag=main&f=h	Trust: 1.9
url:	http://www.securityfocus.com/bid/41557	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2010/07/12/6	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2010/07/16/2	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2530	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2530	Trust: 0.8
url:	http://permalink.gmane.org/gmane.comp.security.oss.general/3189	Trust: 0.3
url:	http://xorl.wordpress.com/2010/09/25/cve-2010-2530-netbsd-netsmb-module-multiple-signedness-issues/	Trust: 0.3
url:	http://www.freebsd.org/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://www.apple.com/server/macosx/	Trust: 0.3
url:	http://www.netbsd.org/	Trust: 0.3
url:	http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netsmb/smb_subr.c.diff?r1=1.34&r2=1.35&only_with_tag=main&f=h	Trust: 0.1

sources: VULHUB: VHN-45135 // BID: 41557 // JVNDB: JVNDB-2010-002957 // CNNVD: CNNVD-201009-281 // NVD: CVE-2010-2530

CREDITS

Dan Rosenberg

Trust: 0.9

sources: BID: 41557 // CNNVD: CNNVD-201009-281

SOURCES

db:	VULHUB	id:	VHN-45135
db:	BID	id:	41557
db:	JVNDB	id:	JVNDB-2010-002957
db:	CNNVD	id:	CNNVD-201009-281
db:	NVD	id:	CVE-2010-2530

LAST UPDATE DATE

2024-11-23T23:10:09.975000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-45135	date:	2010-09-30T00:00:00
db:	BID	id:	41557	date:	2010-09-27T09:50:00
db:	JVNDB	id:	JVNDB-2010-002957	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201009-281	date:	2010-10-08T00:00:00
db:	NVD	id:	CVE-2010-2530	date:	2024-11-21T01:16:50.900

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-45135	date:	2010-09-29T00:00:00
db:	BID	id:	41557	date:	2010-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2010-002957	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201009-281	date:	2010-09-29T00:00:00
db:	NVD	id:	CVE-2010-2530	date:	2010-09-29T17:00:04.150