CVE-2010-4160
Publication date 7 January 2011
Last updated 24 July 2024
Ubuntu priority
Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call.
From the Ubuntu Security Team
Dan Rosenberg discovered that the Linux kernel L2TP implementation contained multiple integer signedness errors. A local attacker could exploit this to to crash the kernel, or possibly gain root privileges.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | ||
linux-ec2 | ||
linux-fsl-imx51 | ||
linux-lts-backport-maverick | ||
linux-lts-backport-natty | ||
linux-mvl-dove | ||
linux-source-2.6.15 | ||
linux-ti-omap4 | ||
Notes
Patch details
Package | Patch details |
---|---|
linux |
References
Related Ubuntu Security Notices (USN)
- USN-1073-1
- Linux kernel vulnerabilities
- 25 February 2011
- USN-1072-1
- Linux kernel vulnerabilities
- 25 February 2011
- USN-1202-1
- Linux kernel (OMAP4) vulnerabilities
- 13 September 2011
- USN-1083-1
- Linux kernel vulnerabilities
- 3 March 2011
- USN-1054-1
- Linux kernel vulnerabilities
- 1 February 2011
- USN-1204-1
- Linux kernel (i.MX51) vulnerabilities
- 13 September 2011
- USN-1071-1
- Linux kernel vulnerabilities
- 25 February 2011
- USN-1093-1
- Linux Kernel vulnerabilities (Marvell Dove)
- 25 March 2011