CVE-2010-4648

Impact:
Low
Public Date:
2010-12-08
Bugzilla:
667907: CVE-2010-4648 kernel: orinoco: fix TKIP countermeasure behaviour

The MITRE CVE dictionary describes this issue as:

The orinoco_ioctl_set_auth function in drivers/net/wireless/orinoco/wext.c in the Linux kernel before 2.6.37 does not properly implement a TKIP protection mechanism, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading Wi-Fi frames.

Find out more about CVE-2010-4648 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 4 and 5 as they did not backport the upstream commit d03032af that introduced this issue. Future kernel updates in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG may address this flaw.

CVSS v2 metrics

Base Score 3.3
Base Metrics AV:A/AC:L/Au:N/C:P/I:N/A:N
Access Vector Adjacent Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (kernel) RHSA-2011:0421 2011-04-08
MRG Grid for RHEL 5 Server (kernel-rt) RHSA-2011:0330 2011-03-10
Last Modified

CVE description copyright © 2017, The MITRE Corporation