CVE-2010-2530

Current Description

Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call.

Basic Data

Published: September 29, 2010
Last Modified: September 30, 2010
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-189
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 4.9
Severity: MEDIUM
Exploitability Score: 3.9
Impact Score: 6.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
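    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Netbsd | Netbsd | 0.8 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 0.9 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.2.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.3.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.3.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.3.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.4 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.4.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.4.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.4.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.5 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.5.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.5.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.5.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.6 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.6 | beta | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.6.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 1.6.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 2.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 2.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 2.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 2.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 2.0.4 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 2.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 2.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 3.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 3.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 3.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 3.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 3.99.15 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 4.0 | beta | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 4.0 | beta2 | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 4.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 5.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | 5.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Netbsd | Netbsd | * | * | * | * | * | * | * | * | | 5.0.2 | |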
  • OR - Configuration 2
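    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Apple | Mac Os X | * | * | * | * | * | * | * | * | | | |
    2.3 | OS | Freebsd | Freebsd | * | * | * | * | * | * | * | * | | | |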

Vulnerable Software List

Vendor | Product | Versions
Apple | Mac Os X | *
Freebsd | Freebsd | *
Netbsd | Netbsd | *, 0.8, 0.9, 1.0, 1.1, 1.2, 1.2.1, 1.3, 1.3.1, 1.3.2, 1.3.3, 1.4, 1.4.1, 1.4.2, 1.4.3, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.6, 1.6.1, 1.6.2, 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1, 2.1.1, 3.0, 3.0.1, 3.0.2, 3.1, 3.99.15, 4.0, 4.0.1, 5.0, 5.0.1

References

Name | Source | URL | Tags
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netsmb/smb_subr.c.diff?r1=1.34&r2=1.35&only_with_tag=MAIN&f=h | CONFIRM | http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netsmb/smb_subr.c.diff?r1=1.34&r2=1.35&only_with_tag=MAI |
[oss-security] 20100712 CVE request: NetSMB BSD kernel module (minor) | MLIST | http://www.openwall.com/lists/oss-security/2010/07/12/6 |
[oss-security] 20100716 Re: CVE request: NetSMB BSD kernel module (minor) | MLIST | http://www.openwall.com/lists/oss-security/2010/07/16/2 |
41557 | BID | http://www.securityfocus.com/bid/41557 |