CVE-2010-3850

Priority
Medium
Description
The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel
before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows
local users to bypass intended access restrictions and configure econet
addresses via an SIOCSIFADDR ioctl call.
Ubuntu-Description
Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
dereference, escalate privileges by overflowing the kernel stack, and
assign Econet addresses to arbitrary interfaces.
References
Package
Upstream:released (2.6.37~rc4)
Package
Upstream:released (2.6.37~rc4)
Package
Upstream:released (2.6.37~rc4)
Package
Upstream:released (2.6.37~rc4)
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.37~rc4)
Patches:
Upstream:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=16c41745c7b92a243d0874f534c1655196c64b74
Package
Upstream:released (2.6.37~rc4)
Package
Upstream:released (2.6.37~rc4)
More Information

Updated: 2018-06-26 04:38:17 UTC (commit 7799c934cca373482531a7b00e4dfe82302ceae5)