CVE-2010-4342
Published: 30 December 2010
The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP.
From the Ubuntu Security Team
Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. A local attacker could send specially crafted traffic to crash the system, leading to a denial of service.
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(2.6.24-29.89)
|
|
karmic |
Ignored
|
|
lucid |
Released
(2.6.32-32.62)
|
|
maverick |
Released
(2.6.35-27.47)
|
|
natty |
Released
(2.6.37-10.24)
|
|
upstream |
Released
(2.6.37~rc6)
|
|
Patches: upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4e085e76cbe558b79b54cbab772f61185879bc64 |
||
linux-ec2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Released
(2.6.32-316.30)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Does not exist
|
|
upstream |
Released
(2.6.37~rc6)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Released
(2.6.31-609.26)
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Released
(2.6.37~rc6)
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Released
(2.6.35-28.50~lucid1)
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Released
(2.6.37~rc6)
|
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
(2.6.38-1.27~lucid1)
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Released
(2.6.37~rc6)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Released
(2.6.32-217.34)
|
|
maverick |
Released
(2.6.32-417.34)
|
|
natty |
Does not exist
|
|
upstream |
Released
(2.6.37~rc6)
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.6.15-57.96)
|
hardy |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Released
(2.6.37~rc6)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Released
(2.6.35-903.22)
|
|
natty |
Not vulnerable
(2.6.38-1201.2)
|
|
upstream |
Released
(2.6.37~rc6)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4342
- http://openwall.com/lists/oss-security/2010/12/09/1
- https://ubuntu.com/security/notices/USN-1081-1
- https://ubuntu.com/security/notices/USN-1119-1
- https://ubuntu.com/security/notices/USN-1111-1
- https://ubuntu.com/security/notices/USN-1133-1
- https://ubuntu.com/security/notices/USN-1141-1
- https://ubuntu.com/security/notices/USN-1162-1
- https://ubuntu.com/security/notices/USN-1164-1
- https://ubuntu.com/security/notices/USN-1167-1
- https://ubuntu.com/security/notices/USN-1159-1
- https://ubuntu.com/security/notices/USN-1187-1
- NVD
- Launchpad
- Debian