Any suggestions for dealing with CVE-2010-3849, since no version of SLES
has the minimum kernel version to fix this problem? Also, we're running
OES, so we need a fix for SLES 10. From the security scan:

Multiple vulnerabilities exists in Linux Kernel caused by:-
1. The econet_sendmsg function in net/econet/af_econet.c in the
Linux kernel and
2. The ec_dev_ioctl function in net/econet/af_econet.c in the Linux

The vulnerabilities are reported in all the Linux Kernel versions
Successful exploitation allows local users to bypass intended
access restrictions and cause a denial of service.
Update to version to resolve the issue.

'CVE - CVE-2010-3849 (under review)'

Aw, nuts, I just reread it and see the part about local users, which we
don't have other than admins. I guess this isn't really an issue, but
I'll post anyway for anyone who does have local users and needs to
address it.

zenking's Profile: