CVE-2010-3873

Priority
Description
The X.25 implementation in the Linux kernel before 2.6.36.2 does not
properly parse facilities, which allows remote attackers to cause a denial
of service (heap memory corruption and panic) or possibly have unspecified
other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE
data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different
vulnerability than CVE-2010-4164.
Ubuntu-Description
Dan Rosenberg discovered that the Linux kernel X.25 implementation
incorrectly parsed facilities. A remote attacker could exploit this to
crash the kernel, leading to a denial of service.
Notes
 net: ax25: fix information leak to userland harder, CVE-2010-3875
 We took the additional step of fixing the original patch since it
 allowed an SKB leak.
Assigned-to
rtg
Package
Source: linux (LP Ubuntu Debian)
Upstream: released (2.6.37~rc2)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by a6331d6f9a4298173b413cf99a40cc86a9d92c37

Updated: 2019-01-14 21:54:38 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)