CVE-2010-3859

Published: 29 December 2010

Multiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipc_msg_build function in net/tipc/msg.c and the verify_iovec function in net/core/iovec.c.

From the Ubuntu security team

Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc1)
Patches:
Upstream: http://git.kernel.org/linus/8acfe468b0384e834a303f08ebc4953d72fb690a
Upstream: http://git.kernel.org/linus/253eacc070b114c2ec1f81b067d2fed7305467b0
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc1)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc1)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc1)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc1)
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc1)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc1)
linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.37~rc1)