CVE-2010-3859
Published: 29 December 2010
Multiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipc_msg_build function in net/tipc/msg.c and the verify_iovec function in net/core/iovec.c.
From the Ubuntu security team
Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges.
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc1)
|
Patches: Upstream: http://git.kernel.org/linus/8acfe468b0384e834a303f08ebc4953d72fb690a Upstream: http://git.kernel.org/linus/253eacc070b114c2ec1f81b067d2fed7305467b0 |
||
linux-ec2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc1)
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc1)
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc1)
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc1)
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc1)
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc1)
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc1)
|
Notes
Author | Note |
---|---|
kees | Upstream commits 8acfe468b0384e834a303f08ebc4953d72fb690a and 253eacc070b114c2ec1f81b067d2fed7305467b0 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3859
- https://usn.ubuntu.com/usn/usn-1071-1
- https://usn.ubuntu.com/usn/usn-1072-1
- https://usn.ubuntu.com/usn/usn-1073-1
- https://usn.ubuntu.com/usn/usn-1093-1
- https://usn.ubuntu.com/usn/usn-1083-1
- https://usn.ubuntu.com/usn/usn-1054-1
- https://usn.ubuntu.com/usn/usn-1167-1
- https://usn.ubuntu.com/usn/usn-1202-1
- https://usn.ubuntu.com/usn/usn-1204-1
- NVD
- Launchpad
- Debian