Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2010-3848

Published: 30 November 2010

Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures.

From the Ubuntu Security Team

Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service via a NULL pointer dereference, escalate privileges by overflowing the kernel stack, and assign Econet addresses to arbitrary interfaces.

Notes

AuthorNote
jdstrand
per tracking bug LP: #712610, there was a regression in the kernel
in -proposed for linux-mvl-dove. It it being investigated.

Priority

High

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (2.6.24-28.81)
karmic
Released (2.6.31-22.69)
lucid
Released (2.6.32-26.48)
maverick
Released (2.6.35-23.41)
upstream
Released (2.6.37~rc4)
Patches:
upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a27e13d370415add3487949c60810e36069a23a6
linux-ec2
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic
Released (2.6.31-307.22)
lucid
Released (2.6.32-310.21)
maverick Ignored
(end of life)
upstream
Released (2.6.37~rc4)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic
Released (2.6.31-112.30)
lucid
Released (2.6.31-608.22)
maverick Does not exist

upstream
Released (2.6.37~rc4)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid
Released (2.6.35-25.44~lucid1)
maverick Does not exist

upstream
Released (2.6.37~rc4)
linux-mvl-dove
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Ignored
(end of life)
lucid
Released (2.6.32-216.33)
maverick
Released (2.6.32-416.33)
upstream
Released (2.6.37~rc4)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper
Released (2.6.15-55.90)
hardy Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

upstream
Released (2.6.37~rc4)
linux-ti-omap4
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid Does not exist

maverick
Released (2.6.35-903.22)
upstream
Released (2.6.37~rc4)