CVE-2010-2492

HIGH

Avaya IQ < 2.6.35 - Buffer Overflow

Title source: rule
STIX 2.1

Description

Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.

References (12)

Core 12
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520102/100/0/threaded
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=611385
Patch, Third Party Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0723.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/46397
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0007.html
Third Party Advisory x_refsource_confirm
http://support.avaya.com/css/P8/documents/100113326
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42890
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:172

Scores

CVSS v3 7.8
EPSS 0.0008
EPSS Percentile 22.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-120
Status published
Products (20)
avaya/aura_communication_manager 5.2
avaya/aura_presence_services 6.0
avaya/aura_presence_services 6.1
avaya/aura_presence_services 6.1.1
avaya/aura_session_manager 1.1
avaya/aura_session_manager 5.2
avaya/aura_session_manager 6.0
avaya/aura_system_manager 5.2
avaya/aura_system_manager 6.0
avaya/aura_system_manager 6.1
... and 10 more
Published Sep 08, 2010
Tracked Since Feb 18, 2026