Any suggestions for dealing with CVE-2010-3849, since no version of SLES
has the minimum kernel version to fix this problem? Also, we’re running
OES, so we need a fix for SLES 10. From the security scan:
Multiple vulnerabilities exists in Linux Kernel caused by:-
The econet_sendmsg function in net/econet/af_econet.c in the
Linux kernel and
The ec_dev_ioctl function in net/econet/af_econet.c in the Linux
kernel
The vulnerabilities are reported in all the Linux Kernel versions
before 2.6.36.2.
IMPACT:
Successful exploitation allows local users to bypass intended
access restrictions and cause a denial of service.
SOLUTION:
Update to version 2.6.36.2 to resolve the issue.
Aw, nuts, I just reread it and see the part about local users, which we
don’t have other than admins. I guess this isn’t really an issue, but
I’ll post anyway for anyone who does have local users and needs to
address it.
Any suggestions for dealing with CVE-2010-3849, since no version of
SLES has the minimum kernel version to fix this problem? Also, we’re
running OES, so we need a fix for SLES 10. From the security scan:
Multiple vulnerabilities exists in Linux Kernel caused by:-
The econet_sendmsg function in net/econet/af_econet.c in the
Linux kernel and
The ec_dev_ioctl function in net/econet/af_econet.c in the Linux
kernel
The vulnerabilities are reported in all the Linux Kernel versions
before 2.6.36.2.
IMPACT:
Successful exploitation allows local users to bypass intended
access restrictions and cause a denial of service.
SOLUTION:
Update to version 2.6.36.2 to resolve the issue.
Aw, nuts, I just reread it and see the part about local users, which
we don’t have other than admins. I guess this isn’t really an issue,
but I’ll post anyway for anyone who does have local users and needs to
address it.