CVE-2010-3850 — Vulnetix

CVE-2010-3850 PUBLISHED CVSS 2.0999999046325684 LOW

The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call.

EPSS 0.10% · 26.4th percentile

Risk Scores

CVSS v2.0

2.0999999046325684

EPSS Score

0.10%

26.4th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	0
debian	debian_linux	5.0
n/a	n/a	*
canonical	ubuntu_linux	10.04, 10.10, 8.04
suse	linux_enterprise_server	9, 10
suse	linux_enterprise_desktop	10
suse	linux_enterprise_software_development_kit	10
suse	linux_enterprise_real_time_extension	11

Timeline

Dec 7, 2010 PoC Published
Dec 8, 2010 PoC Published
Dec 30, 2010 CVE Published
Sep 4, 2011 PoC Published
Sep 5, 2011 PoC Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 17, 2022 EPSS Score

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=16c41745c7b92a243d0874f534c1655196c64b74 url
43056 third-party-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=644156 url
20101207 Linux kernel exploit mailing-list
SUSE-SA:2011:007 vendor-advisory
[oss-security] 20101129 kernel: Multiple vulnerabilities in AF_ECONET mailing-list
ADV-2011-0298 vdb
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2 url
MDVSA-2011:051 vendor-advisory
MDVSA-2010:257 vendor-advisory
SUSE-SA:2011:005 vendor-advisory
ADV-2011-0375 vdb
USN-1023-1 vendor-advisory
SUSE-SA:2011:008 vendor-advisory
43291 third-party-advisory
ADV-2011-0213 vdb
DSA-2126 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2010-3850 advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=16c41745c7b92a243d0874f534c1655196c64b74 url

Open in Interactive Console →