Vigil@nce: Linux kernel, three vulnerabilities of Econet
December 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can use an Econet socket, in order to create a
denial of service or to elevate his privileges.
– Severity: 2/4
– Creation date: 29/11/2010
DESCRIPTION OF THE VULNERABILITY
The Econet protocol is used by some local networks. Its
implementation in the Linux kernel is impacted by three
vulnerabilities.
An attacker can use a large msg->msgiovlen value, in order to
create a buffer overflow. [severity:2/4; CVE-2010-3848]
An attacker can use sendmsg() with a null remote address, in order
to create a denial of service. [severity:1/4; CVE-2010-3849]
An unprivileged attacker is allowed to change the Econet address
of interfaces. [severity:2/4; CVE-2010-3850]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-three-vulnerabilities-of-Econet-10157