CVE-2010-3859

Priority
Description
Multiple integer signedness errors in the TIPC implementation in the Linux
kernel before 2.6.36.2 allow local users to gain privileges via a crafted
sendmsg call that triggers a heap-based buffer overflow, related to the
tipc_msg_build function in net/tipc/msg.c and the verify_iovec function in
net/core/iovec.c.
Ubuntu-Description
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges.
Notes
 Upstream commits 8acfe468b0384e834a303f08ebc4953d72fb690a
 and 253eacc070b114c2ec1f81b067d2fed7305467b0
Assigned-to
rtg
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
Package
Upstream:released (2.6.37~rc1)
More Information

Updated: 2019-01-14 21:54:36 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)