CVE-2010-4160

Linux Kernel < 2.6.36.2 - Integer Overflow in PPPoL2TP and IPoL2TP via Crafted Sendto Call

Title source: llm
STIX 2.1

Description

Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call.

References (28)

Core 28
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43056
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42801
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2010/11/24/6
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42932
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0007.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0124
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.spinics.net/lists/netdev/msg145673.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2010/11/24/12
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=651892
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0375
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42890
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0012
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44762
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2010/11/24/4
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2010/11/10/5
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2010/11/24/5
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43291
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2010/11/10/16
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0213
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.spinics.net/lists/netdev/msg145248.html

Scores

EPSS 0.0011
EPSS Percentile 29.3%

Details

CWE
CWE-190
Status published
Products (8)
linux/linux_kernel < 2.6.36.2
opensuse/opensuse 11.2
suse/linux_enterprise_desktop 10 sp3
suse/linux_enterprise_desktop 11 sp1
suse/linux_enterprise_server 9
suse/linux_enterprise_server 10 sp3
suse/linux_enterprise_server 11 sp1
suse/linux_enterprise_software_development_kit 10 sp3
Published Jan 07, 2011
Tracked Since Feb 18, 2026