CVE-2010-2522 - Vulnerability Details - OpenCVE

The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00064.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux-ipv6 Subscribe	Umip Subscribe

Configuration 1 [-]

cpe:2.3:a:linux-ipv6:umip:0.4:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2010-2526	The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://marc.info/?l=oss-security&m=127850299910685&w=2
http://marc.info/?l=oss-security&m=127859390815405&w=2
http://www.openwall.com/lists/oss-security/2010/07/06/5
http://www.openwall.com/lists/oss-security/2010/07/07/4
http://www.openwall.com/lists/oss-security/2010/07/09/1
http://www.securityfocus.com/bid/41524
https://nvd.nist.gov/vuln/detail/CVE-2010-2522
https://www.cve.org/CVERecord?id=CVE-2010-2522

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-07-13T17:00:00

Updated: 2024-08-07T02:39:37.220Z

Reserved: 2010-06-30T00:00:00

Link: CVE-2010-2522

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-07-13T17:30:04.187

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-2522

Redhat

Severity : Moderate

Publid Date: 2009-10-24T00:00:00Z

Links: CVE-2010-2522 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-10-24T00:00:00", "descriptions": [{"lang": "en", "value": "The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-01-15T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20100707 Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/07/07/4"}, {"name": "[oss-security] 20100706 patch for remote buffer overflows and local message spoofing in mipv6 daemon", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/07/06/5"}, {"name": "[oss-security] 20100708 Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/07/09/1"}, {"name": "[oss-security] 20100707 Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127850299910685&w=2"}, {"name": "[oss-security] 20100708 Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127859390815405&w=2"}, {"name": "SUSE-SR:2010:019", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"}, {"name": "41524", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/41524"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:39:37.220Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20100707 Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/07/07/4"}, {"name": "[oss-security] 20100706 patch for remote buffer overflows and local message spoofing in mipv6 daemon", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/07/06/5"}, {"name": "[oss-security] 20100708 Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/07/09/1"}, {"name": "[oss-security] 20100707 Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127850299910685&w=2"}, {"name": "[oss-security] 20100708 Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127859390815405&w=2"}, {"name": "SUSE-SR:2010:019", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"}, {"name": "41524", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/41524"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2522", "datePublished": "2010-07-13T17:00:00", "dateReserved": "2010-06-30T00:00:00", "dateUpdated": "2024-08-07T02:39:37.220Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linux-ipv6:umip:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DBADED00-3C2B-4E97-A91C-EEB9016F6F0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message."}, {"lang": "es", "value": "El demonio mipv6 en UMIP v0.4 no verifica los mensajes netlink originados en el kernel, lo que permite a usuarios locales falsificar la comunicaci\u00f3n con el socket netlink a trav\u00e9s de mensajes unicast manipulados."}], "id": "CVE-2010-2522", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-07-13T17:30:04.187", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=127850299910685&w=2"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://marc.info/?l=oss-security&m=127859390815405&w=2"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/07/06/5"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/07/07/4"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/07/09/1"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/41524"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=127850299910685&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://marc.info/?l=oss-security&m=127859390815405&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/07/06/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/07/07/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/07/09/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/41524"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}