Published: 30/12/2010 Updated: 13/02/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 220

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel prior to 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
suse linux enterprise server 10
suse linux enterprise server 9
suse linux enterprise desktop 10
suse linux enterprise software development kit 10
suse linux enterprise real time extension 11
debian debian linux 5.0
canonical ubuntu linux 10.10
canonical ubuntu linux 9.10
canonical ubuntu linux 8.04
canonical ubuntu linux 10.04
canonical ubuntu linux 6.06

Multiple kernel flaws ...

An attacker could send crafted input to the kernel and cause it to crash ...

Multiple security flaws have been fixed in the OMAP4 port of the Linux kernel ...

Multiple kernel flaws ...

The Linux kernel could be made to run unauthorized programs with administrator privileges ...

/* * half-nelsonc * * Linux Kernel < 26362 Econet Privilege Escalation Exploit * Jon Oberheide <jon@oberheideorg> * jonoberheideorg * * Information: * * cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2010-3848 * * Stack-based buffer overflow in the econet_sendmsg function in * net/econet/af_econetc in ...

/* * Linux Kernel <= 2637 local privilege escalation * by Dan Rosenberg * @djrbliss on twitter * * Usage: * gcc full-nelsonc -o full-nelson * /full-nelson * * This exploit leverages three vulnerabilities to get root, all of which were * discovered by Nelson Elhage: * * CVE-2010-4258 * ------------- * This is the interesting one ...

This exploit leverages three vulnerabilities to escalate privileges The primary vulnerability is a kernel stack overflow, not a stack buffer overflow as the CVE description incorrectly states This may be the first public exploit for a kernel stack overflow, and it turns out to be a bit tricky due to some particulars of the econet vulnerability I ...

Linux kernel local privilege escalation exploit for versions 2637 and below It leverages three separate vulnerabilities to achieve root including a NULL pointer dereference, being able to assign arbitrary Econet addresses to arbitrary interfaces, and the ability to write a NULL word to an arbitrary kernel address ...

A simple virus of linux. It can get root and destory your system.(这是一个简单的linux下的病毒，它仅能得到root权限和感染文件并进行破坏)

About 这个是linux下病毒的一个最简易版本，包含的功能有：得到root权限感染文件进行破坏通过一些linux下的系统调用来实现的。得到root权限是通过 CVE-2010-4258,CVE-2010-3849,CVE-2010-3850这三个漏洞，主要是Econnet protocol 的漏洞来实现的，并且只针对特定的Linux内核版本有效。

NVD-CWE-noinfo http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2 https://bugzilla.redhat.com/show_bug.cgi?id=644156 http://openwall.com/lists/oss-security/2010/11/30/1 http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html http://www.ubuntu.com/usn/USN-1023-1 http://www.debian.org/security/2010/dsa-2126 http://www.mandriva.com/security/advisories?name=MDVSA-2010:257 http://secunia.com/advisories/43056 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html http://www.vupen.com/english/advisories/2011/0213 http://secunia.com/advisories/43291 http://www.vupen.com/english/advisories/2011/0298 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http://www.vupen.com/english/advisories/2011/0375 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=16c41745c7b92a243d0874f534c1655196c64b74 https://nvd.nist.gov https://github.com/karottc/linux-virus https://usn.ubuntu.com/1083-1/https://www.exploit-db.com/exploits/17787/

CVE-2010-3850

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect