Published: 30/12/2010 Updated: 13/02/2023

CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4

VMScore: 475

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel prior to 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
suse linux enterprise server 10
suse linux enterprise server 9
suse linux enterprise desktop 10
suse linux enterprise software development kit 10
suse linux enterprise real time extension 11
debian debian linux 5.0
canonical ubuntu linux 10.10
canonical ubuntu linux 9.10
canonical ubuntu linux 8.04
canonical ubuntu linux 10.04
canonical ubuntu linux 6.06

Multiple kernel flaws ...

An attacker could send crafted input to the kernel and cause it to crash ...

Multiple security flaws have been fixed in the OMAP4 port of the Linux kernel ...

Multiple kernel flaws ...

The Linux kernel could be made to run unauthorized programs with administrator privileges ...

/* * Linux Kernel <= 2637 local privilege escalation * by Dan Rosenberg * @djrbliss on twitter * * Usage: * gcc full-nelsonc -o full-nelson * /full-nelson * * This exploit leverages three vulnerabilities to get root, all of which were * discovered by Nelson Elhage: * * CVE-2010-4258 * ------------- * This is the interesting one ...

Linux kernel local privilege escalation exploit for versions 2637 and below It leverages three separate vulnerabilities to achieve root including a NULL pointer dereference, being able to assign arbitrary Econet addresses to arbitrary interfaces, and the ability to write a NULL word to an arbitrary kernel address ...

A simple virus of linux. It can get root and destory your system.(这是一个简单的linux下的病毒，它仅能得到root权限和感染文件并进行破坏)

About 这个是linux下病毒的一个最简易版本，包含的功能有：得到root权限感染文件进行破坏通过一些linux下的系统调用来实现的。得到root权限是通过 CVE-2010-4258,CVE-2010-3849,CVE-2010-3850这三个漏洞，主要是Econnet protocol 的漏洞来实现的，并且只针对特定的Linux内核版本有效。

CWE-476 http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html http://openwall.com/lists/oss-security/2010/11/30/1 https://bugzilla.redhat.com/show_bug.cgi?id=644156 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2 http://www.ubuntu.com/usn/USN-1023-1 http://www.debian.org/security/2010/dsa-2126 http://www.mandriva.com/security/advisories?name=MDVSA-2010:257 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html http://secunia.com/advisories/43056 http://www.vupen.com/english/advisories/2011/0213 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://www.vupen.com/english/advisories/2011/0298 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http://www.vupen.com/english/advisories/2011/0375 http://secunia.com/advisories/43291 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa0e846494792e722d817b9d3d625a4ef4896c96 https://nvd.nist.gov https://github.com/karottc/linux-virus https://www.exploit-db.com/exploits/15704/https://usn.ubuntu.com/1083-1/

CVE-2010-3849

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect