CVE-2010-3850
Published: 30 November 2010
The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call.
From the Ubuntu Security Team
Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service via a NULL pointer dereference, escalate privileges by overflowing the kernel stack, and assign Econet addresses to arbitrary interfaces.
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(2.6.24-28.81)
|
|
karmic |
Released
(2.6.31-22.69)
|
|
lucid |
Released
(2.6.32-26.48)
|
|
maverick |
Released
(2.6.35-23.41)
|
|
upstream |
Released
(2.6.37~rc4)
|
|
Patches: upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=16c41745c7b92a243d0874f534c1655196c64b74 |
||
linux-ec2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Released
(2.6.31-307.22)
|
|
lucid |
Released
(2.6.32-310.21)
|
|
maverick |
Ignored
(binary supplied by "linux" now)
|
|
upstream |
Released
(2.6.37~rc4)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Released
(2.6.31-112.30)
|
|
lucid |
Released
(2.6.31-608.22)
|
|
maverick |
Does not exist
|
|
upstream |
Released
(2.6.37~rc4)
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Released
(2.6.35-25.44~lucid1)
|
|
maverick |
Does not exist
|
|
upstream |
Released
(2.6.37~rc4)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Ignored
(abandonded branch)
|
|
lucid |
Released
(2.6.32-216.33)
|
|
maverick |
Released
(2.6.32-416.33)
|
|
upstream |
Released
(2.6.37~rc4)
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.6.15-55.90)
|
hardy |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
upstream |
Released
(2.6.37~rc4)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Released
(2.6.35-903.22)
|
|
upstream |
Released
(2.6.37~rc4)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3850
- https://ubuntu.com/security/notices/USN-1023-1
- https://ubuntu.com/security/notices/USN-1074-1
- https://ubuntu.com/security/notices/USN-1074-2
- https://ubuntu.com/security/notices/USN-1083-1
- https://ubuntu.com/security/notices/USN-1093-1
- https://ubuntu.com/security/notices/USN-1119-1
- NVD
- Launchpad
- Debian