Release date:
Updated on:
Affected Systems:
Linux kernel 2.6.11.11-2.6.36
Description:
--------------------------------------------------------------------------------
Bugtraq id: 45059
Cve id: CVE-2010-4077
Linux Kernel is the Kernel used by open source Linux.
Linux Kernel has a vulnerability in implementation. Local attackers can exploit this vulnerability to obtain sensitive information, which may be helpful to other attacks.
Nozomi. in c, the TIOCGICOUNT device ioctl allows unauthorized users to read 16 bytes of uninitialized stack memory, because the "Reserved" members of the serial_icounter_struct structure on the stack are not changed or cleared before being copied to the user.
This vulnerability does not affect the Linux Kernel versions released with Red Hat Enterprise Linux 3/4/5 because they do not support the GloeTrotter hspda pcmcia card.
<**>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.kernel.org/