Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2010-3850

Published: 30 November 2010

The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call.

From the Ubuntu Security Team

Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service via a NULL pointer dereference, escalate privileges by overflowing the kernel stack, and assign Econet addresses to arbitrary interfaces.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (2.6.24-28.81)
karmic
Released (2.6.31-22.69)
lucid
Released (2.6.32-26.48)
maverick
Released (2.6.35-23.41)
upstream
Released (2.6.37~rc4)
Patches:
upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=16c41745c7b92a243d0874f534c1655196c64b74
linux-ec2
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic
Released (2.6.31-307.22)
lucid
Released (2.6.32-310.21)
maverick Ignored
(end of life)
upstream
Released (2.6.37~rc4)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic
Released (2.6.31-112.30)
lucid
Released (2.6.31-608.22)
maverick Does not exist

upstream
Released (2.6.37~rc4)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid
Released (2.6.35-25.44~lucid1)
maverick Does not exist

upstream
Released (2.6.37~rc4)
linux-mvl-dove
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Ignored
(end of life)
lucid
Released (2.6.32-216.33)
maverick
Released (2.6.32-416.33)
upstream
Released (2.6.37~rc4)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper
Released (2.6.15-55.90)
hardy Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

upstream
Released (2.6.37~rc4)
linux-ti-omap4
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid Does not exist

maverick
Released (2.6.35-903.22)
upstream
Released (2.6.37~rc4)