Vulnerability Details CVE-2010-2522
The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.9%
CVSS Severity
CVSS v2 Score 2.1
References
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
- http://marc.info/?l=oss-security&m=127850299910685&w=2
- http://marc.info/?l=oss-security&m=127859390815405&w=2
- http://www.openwall.com/lists/oss-security/2010/07/06/5
- http://www.openwall.com/lists/oss-security/2010/07/07/4
- http://www.openwall.com/lists/oss-security/2010/07/09/1
- http://www.securityfocus.com/bid/41524
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
- http://marc.info/?l=oss-security&m=127850299910685&w=2
- http://marc.info/?l=oss-security&m=127859390815405&w=2
- http://www.openwall.com/lists/oss-security/2010/07/06/5
- http://www.openwall.com/lists/oss-security/2010/07/07/4
- http://www.openwall.com/lists/oss-security/2010/07/09/1
- http://www.securityfocus.com/bid/41524
Products affected by CVE-2010-2522
-
cpe:2.3:a:linux-ipv6:umip:0.4