{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-09-01T00:00:00", "descriptions": [{"lang": "en", "value": "The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"name": "USN-1000-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1000-1"}, {"name": "[oss-security] 20100902 CVE-2010-2960 kernel: keyctl_session_to_parent null ptr deref", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/09/02/1"}, {"name": "linux-kernel-keyctl-dos(61557)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61557"}, {"name": "42932", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/42932"}, {"name": "SUSE-SA:2011:007", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"}, {"name": "ADV-2011-0298", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0298"}, {"name": "41263", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41263"}, {"name": "SUSE-SA:2010:050", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html"}, {"tags": ["x_refsource_MISC"], "url": "http://twitter.com/taviso/statuses/22777866582"}, {"name": "1024384", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1024384"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627440"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "ID": "CVE-2010-2960", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-1000-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1000-1"}, {"name": "[oss-security] 20100902 CVE-2010-2960 kernel: keyctl_session_to_parent null ptr deref", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/09/02/1"}, {"name": "linux-kernel-keyctl-dos(61557)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61557"}, {"name": "42932", "refsource": "BID", "url": "http://www.securityfocus.com/bid/42932"}, {"name": "SUSE-SA:2011:007", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"}, {"name": "ADV-2011-0298", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0298"}, {"name": "41263", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41263"}, {"name": "SUSE-SA:2010:050", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html"}, {"name": "http://twitter.com/taviso/statuses/22777866582", "refsource": "MISC", "url": "http://twitter.com/taviso/statuses/22777866582"}, {"name": "1024384", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1024384"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=627440", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627440"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:55:45.833Z"}, "title": "CVE Program Container", "references": [{"name": "USN-1000-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1000-1"}, {"name": "[oss-security] 20100902 CVE-2010-2960 kernel: keyctl_session_to_parent null ptr deref", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/09/02/1"}, {"name": "linux-kernel-keyctl-dos(61557)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61557"}, {"name": "42932", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/42932"}, {"name": "SUSE-SA:2011:007", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"}, {"name": "ADV-2011-0298", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0298"}, {"name": "41263", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/41263"}, {"name": "SUSE-SA:2010:050", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://twitter.com/taviso/statuses/22777866582"}, {"name": "1024384", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1024384"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627440"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2010-2960", "datePublished": "2010-09-08T19:00:00", "dateReserved": "2010-08-04T00:00:00", "dateUpdated": "2024-08-07T02:55:45.833Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0D2A268-65B0-4233-9DCE-16CEFCE589A3", "versionEndExcluding": "2.6.35.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*", "matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "10A193CD-12B9-4236-8A2C-E8CEAE592952", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "F691F4E7-2FF1-4EFB-B21F-E510049A9940", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function."}, {"lang": "es", "value": "La funci\u00f3n keyctl_session_to_parent en security/keys/keyctl.c en el kernel de Linux v2.6.35.4 y anteriores, espera que determinados keyrings de sesi\u00f3n aparezcan, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio(deferencia a puntero nulo y ca\u00edda de sistema) o posiblemente tener otro impacto sin especificar a trav\u00e9s del argumento KEYCTL_SESSION_TO_PARENT a la funci\u00f3n keyctl."}], "id": "CVE-2010-2960", "lastModified": "2020-08-11T14:27:30.923", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2010-09-08T20:00:04.027", "references": [{"source": "security@ubuntu.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html"}, {"source": "security@ubuntu.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"}, {"source": "security@ubuntu.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/41263"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1024384"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "http://twitter.com/taviso/statuses/22777866582"}, {"source": "security@ubuntu.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2010/09/02/1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/42932"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1000-1"}, {"source": "security@ubuntu.com", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2011/0298"}, {"source": "security@ubuntu.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627440"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61557"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "keyctl_session_to_parent NULL deref system crash", "id": "627440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627440"}, "csaw": false, "cvss": {"cvss_base_score": "7.2", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "status": "draft"}, "cwe": "CWE-476", "details": ["The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function."], "name": "CVE-2010-2960", "public_date": "2010-09-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-2960\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-2960"], "statement": "This issue did not affect the version of Linux kernel as shipped with Red Hat\nEnterprise Linux 3, 4, 5, and Red Hat Enterprise MRG as it did not include upstream commit ee18d64c that introduced the problem.", "threat_severity": "Important"}