Back to search
CVE-2010-3850
Published: Dec 30, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
43056
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=644156
x_refsource_CONFIRM
20101207 Linux kernel exploit
mailing-list
x_refsource_FULLDISC
SUSE-SA:2011:007
vendor-advisory
x_refsource_SUSE
[oss-security] 20101129 kernel: Multiple vulnerabilities in AF_ECONET
mailing-list
x_refsource_MLIST
ADV-2011-0298
vdb-entry
x_refsource_VUPEN
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2
x_refsource_CONFIRM
MDVSA-2011:051
vendor-advisory
x_refsource_MANDRIVA
MDVSA-2010:257
vendor-advisory
x_refsource_MANDRIVA
SUSE-SA:2011:005
vendor-advisory
x_refsource_SUSE
ADV-2011-0375
vdb-entry
x_refsource_VUPEN
USN-1023-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SA:2011:008
vendor-advisory
x_refsource_SUSE
43291
third-party-advisory
x_refsource_SECUNIA
ADV-2011-0213
vdb-entry
x_refsource_VUPEN
DSA-2126
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now