
CVE-2010-3873

Published: 3 January 2011

The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164.

From the Ubuntu Security Team

Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service.

Notes

Author: kees
Note: net: ax25: fix information leak to userland harder, CVE-2010-3875
We took the additional step of fixing the original patch since it allowed an SKB leak.

Priority

Low

Status

Package Release Status

linux
Launchpad, Ubuntu, Debian
dapper Does not exist
hardy Released (2.6.24-28.86)
karmic Released (2.6.31-22.73)
lucid Released (2.6.32-28.52)
maverick Released (2.6.35-25.43)
natty Released (2.6.37-5.13)
oneiric Not vulnerable (2.6.39-0.0)
upstream Released (2.6.37~rc2)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by a6331d6f9a4298173b413cf99a40cc86a9d92c37

linux-ec2
Launchpad, Ubuntu, Debian
dapper Does not exist
hardy Does not exist
karmic Released (2.6.31-307.27)
lucid Released (2.6.32-312.24)
maverick Ignored (binary supplied by "linux" now)
natty Does not exist
oneiric Does not exist
upstream Released (2.6.37~rc2)

linux-fsl-imx51
Launchpad, Ubuntu, Debian
dapper Does not exist
hardy Does not exist
karmic Released (2.6.31-112.30)
lucid Released (2.6.31-609.26)
maverick Does not exist
natty Does not exist
oneiric Does not exist
upstream Released (2.6.37~rc2)

linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
dapper Does not exist
hardy Does not exist
karmic Does not exist
lucid Released (2.6.35-32.68~lucid1)
maverick Does not exist
natty Does not exist
oneiric Does not exist
upstream Released (2.6.37~rc2)

linux-lts-backport-natty
Launchpad, Ubuntu, Debian
hardy Does not exist
lucid Not vulnerable
maverick Does not exist
natty Does not exist
oneiric Does not exist
upstream Released (2.6.37~rc2)

linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian
hardy Does not exist
lucid Not vulnerable
maverick Does not exist
natty Does not exist
oneiric Does not exist
upstream Released (2.6.37~rc2)

linux-mvl-dove
Launchpad, Ubuntu, Debian
dapper Does not exist
hardy Does not exist
karmic Ignored (abandoned branch)
lucid Released (2.6.32-214.30)
maverick Released (2.6.32-414.30)
natty Does not exist
oneiric Does not exist
upstream Released (2.6.37~rc2)

linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper Released (2.6.15-55.93)
hardy Does not exist
karmic Does not exist
lucid Does not exist
maverick Does not exist
natty Does not exist
oneiric Does not exist
upstream Released (2.6.37~rc2)

linux-ti-omap4
Launchpad, Ubuntu, Debian
dapper Does not exist
hardy Does not exist
karmic Does not exist
lucid Does not exist
maverick Released (2.6.35-903.26)
natty Not vulnerable
oneiric Not vulnerable
upstream Released (2.6.37~rc2)