Any suggestions for dealing with CVE-2010-3849, since no version of SLES
has the minimum kernel version to fix this problem? Also, we're running
OES, so we need a fix for SLES 10. From the security scan:

Multiple vulnerabilities exists in Linux Kernel caused by:-
1. The econet_sendmsg function in net/econet/af_econet.c in the
Linux kernel and
2. The ec_dev_ioctl function in net/econet/af_econet.c in the Linux
kernel

The vulnerabilities are reported in all the Linux Kernel versions
before 2.6.36.2.
IMPACT:
Successful exploitation allows local users to bypass intended
access restrictions and cause a denial of service.
SOLUTION:
Update to version 2.6.36.2 to resolve the issue.

'CVE - CVE-2010-3849 (under review)'
(http://cve.mitre.org/cgi-bin/cvename...=CVE-2010-3849)


Aw, nuts, I just reread it and see the part about local users, which we
don't have other than admins. I guess this isn't really an issue, but
I'll post anyway for anyone who does have local users and needs to
address it.


--
zenking