Kernel vulnerability



zenking
04-Oct-2011, 17:36
Any suggestions for dealing with CVE-2010-3849, since no version of SLES
has the minimum kernel version to fix this problem? Also, we're running
OES, so we need a fix for SLES 10. From the security scan:

Multiple vulnerabilities exists in Linux Kernel caused by:-
1. The econet_sendmsg function in net/econet/af_econet.c in the
Linux kernel and
2. The ec_dev_ioctl function in net/econet/af_econet.c in the Linux
kernel

The vulnerabilities are reported in all the Linux Kernel versions
before 2.6.36.2.
IMPACT:
Successful exploitation allows local users to bypass intended
access restrictions and cause a denial of service.
SOLUTION:
Update to version 2.6.36.2 to resolve the issue.

'CVE - CVE-2010-3849 (under review)'
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3849)


Aw, nuts, I just reread it and see the part about local users, which we
don't have other than admins. I guess this isn't really an issue, but
I'll post anyway for anyone who does have local users and needs to
address it.


--
zenking
------------------------------------------------------------------------
zenking's Profile: http://forums.novell.com/member.php?userid=2813
View this thread: http://forums.novell.com/showthread.php?t=445962

malcolmlewis
04-Oct-2011, 18:00
On Tue, 04 Oct 2011 16:36:02 GMT
zenking <zenking@no-mx.forums.novell.com> wrote:

>
> Any suggestions for dealing with CVE-2010-3849, since no version of
> SLES has the minimum kernel version to fix this problem? Also, we're
> running OES, so we need a fix for SLES 10. From the security scan:
>
> Multiple vulnerabilities exists in Linux Kernel caused by:-
> 1. The econet_sendmsg function in net/econet/af_econet.c in the
> Linux kernel and
> 2. The ec_dev_ioctl function in net/econet/af_econet.c in the Linux
> kernel
>
> The vulnerabilities are reported in all the Linux Kernel versions
> before 2.6.36.2.
> IMPACT:
> Successful exploitation allows local users to bypass intended
> access restrictions and cause a denial of service.
> SOLUTION:
> Update to version 2.6.36.2 to resolve the issue.
>
> 'CVE - CVE-2010-3849 (under review)'
> (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3849)
>
>
> Aw, nuts, I just reread it and see the part about local users, which
> we don't have other than admins. I guess this isn't really an issue,
> but I'll post anyway for anyone who does have local users and needs to
> address it.
>
>
Hi
Fixed a long time ago;
http://support.novell.com/security/cve/CVE-2010-3849.html

Security issues are backported so you need to check the changelogs.

--
Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.7-desktop
up 8 days 3:45, 3 users, load average: 0.19, 0.22, 0.20
GPU GeForce 8600 GTS Silent - Driver Version: 280.13
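
The changelog check suggested in the reply above, as an added example that is not part of the original thread: `cve_entries` lists the RPM changelog entries that mention a CVE id, and `check_installed_kernels` applies it to each installed `kernel-*` package through `rpm -q --changelog`. The function names and the sample changelog text are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a backported fix from the RPM changelog instead of
# comparing against the upstream kernel version number.

# Read changelog text on stdin and print the header line ("* date author")
# of every entry whose body mentions the CVE id in $1.
# Exit status: 0 if at least one entry matched, 1 otherwise.
cve_entries() {
    awk -v cve="$1" '
        /^\* / { header = $0; printed = 0; next }
        index($0, cve) && !printed { print header; printed = 1; found = 1 }
        END { exit !found }
    '
}

# Apply the check to every installed kernel package (requires rpm).
check_installed_kernels() {
    cve="$1"
    rpm -qa | grep '^kernel-' | while read -r pkg; do
        if entries=$(rpm -q --changelog "$pkg" | cve_entries "$cve"); then
            printf '%s: changelog records %s in:\n%s\n' "$pkg" "$cve" "$entries"
        else
            printf '%s: no changelog entry mentions %s\n' "$pkg" "$cve"
        fi
    done
}

# Constructed sample changelog (placeholder patch name, bug number, author).
sample_changelog() {
    cat <<'EOF'
* Mon Jan 03 2011 maintainer@example.com
- patches.fixes/example-econet-fix: econet: example entry
  (bnc#000000, CVE-2010-3849).
* Tue Nov 02 2010 maintainer@example.com
- Update config files.
EOF
}

# Offline demonstration on the constructed sample.
sample_changelog | cve_entries CVE-2010-3849
```

On a real host, run `check_installed_kernels CVE-2010-3849`. The kernel actually in use is the one `uname -r` reports, so an updated package only takes effect after a reboot.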

zenking
04-Oct-2011, 19:36
Thanks, Malcolm.


--
zenking