Main Vulnerability Database Vulnerabilities #VU95726

Information exposure in Linux kernel - CVE-2010-4563

Published: February 2, 2012 / Updated: February 3, 2012

Vulnerability identifier: #VU95726

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2010-4563

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.

How to mitigate CVE-2010-4563

Install update from vendor's repository.

Sources

http://seclists.org/dailydave/2011/q2/25
http://seclists.org/fulldisclosure/2011/Apr/254

Information exposure in Linux kernel - CVE-2010-4563

Detailed vulnerability description

How to mitigate CVE-2010-4563

Sources

Please verify you're human