CVE-2010-3850

Published: Dec 30, 2010Modified: Apr 29, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call.

Affected (12)

Products: Linux: Linux Kernel · Suse: Linux Enterprise Desktop, Linux Enterprise Real Time Extension, Linux Enterprise Server, Linux Enterprise Software Development Kit · Debian: Debian Linux · +1 more

Show all products

Linux: Linux Kernel · Suse: Linux Enterprise Desktop, Linux Enterprise Real Time Extension, Linux Enterprise Server, Linux Enterprise Software Development Kit · Debian: Debian Linux · Canonical: Ubuntu Linux

1 product

4 products

Linux Enterprise Desktop

Linux Enterprise Real Time Extension

Linux Enterprise Server

Linux Enterprise Software Development Kit

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 2.6.36.2

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Suse Linux Enterprise Desktop	Version 10 sp3
Suse Linux Enterprise Real Time Extension	Version 11 sp1
Suse Linux Enterprise Server	Version 10 sp3
Suse Linux Enterprise Server	Version 9
Suse Linux Enterprise Software Development Kit	Version 10 sp3

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 5.0

Configuration D

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 10.10
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 8.04
Canonical Ubuntu Linux	Version 9.10

References (34)

http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html

Source: secalert@redhat.com

Broken Link

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=16c41745c7b92a243d0874f534c1655196c64b74

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://openwall.com/lists/oss-security/2010/11/30/1

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://secunia.com/advisories/43056

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/43291

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2010/dsa-2126

Source: secalert@redhat.com

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2

Source: secalert@redhat.com

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2010:257

Source: secalert@redhat.com

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2011:051

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-1023-1

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0213

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0298

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0375

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=644156

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=16c41745c7b92a243d0874f534c1655196c64b74

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://openwall.com/lists/oss-security/2010/11/30/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://secunia.com/advisories/43056

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/43291

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.debian.org/security/2010/dsa-2126

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2010:257

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2011:051

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.ubuntu.com/usn/USN-1023-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0213

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0298

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0375

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=644156

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.