Your submission was sent successfully! Close

CVE-2010-3859

Published: 29 December 2010

Multiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipc_msg_build function in net/tipc/msg.c and the verify_iovec function in net/core/iovec.c.

From the Ubuntu security team

Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
Patches:
Upstream: http://git.kernel.org/linus/8acfe468b0384e834a303f08ebc4953d72fb690a
Upstream: http://git.kernel.org/linus/253eacc070b114c2ec1f81b067d2fed7305467b0
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
linux-mvl-dove
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
linux-source-2.6.15
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)

Notes

AuthorNote
kees 
Upstream commits 8acfe468b0384e834a303f08ebc4953d72fb690a and
253eacc070b114c2ec1f81b067d2fed7305467b0

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading