// For flags

CVE-2010-4342

Debian Security Advisory 2153-1

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP.

La función aun_incoming en net/econet/af_econet.c en el kernel de Linux anterior a v2.6.37-rc6, cuando Econet está activado, permite a atacantes remotos provocar una denegación de servicio (desreferencia a un puntero NULL y OOPS) mediante el envío de un paquete Acorn Universal Networking (AUN)sobre UDP.

Multiple vulnerabilities have been addressed in the Linux 2.6 kernel. Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. Vegard Nossum discovered that memory garbage collection was not handled correctly for active sockets. Nelson Elhage discovered that the kernel did not correctly handle process cleanup after triggering a recoverable kernel bug. Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. Dan Carpenter discovered that the TTPCI DVB driver did not check certain values during an ioctl. Jens Kuehnel discovered that the InfiniBand driver contained a race condition. Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-11-30 CVE Reserved
  • 2010-12-30 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2025-06-10 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-476: NULL Pointer Dereference
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 2.6.37
Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.37"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 2.6.37
Search vendor "Linux" for product "Linux Kernel" and version "2.6.37"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 2.6.37
Search vendor "Linux" for product "Linux Kernel" and version "2.6.37"
rc1
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 2.6.37
Search vendor "Linux" for product "Linux Kernel" and version "2.6.37"
rc2
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 2.6.37
Search vendor "Linux" for product "Linux Kernel" and version "2.6.37"
rc3
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 2.6.37
Search vendor "Linux" for product "Linux Kernel" and version "2.6.37"
rc4
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 2.6.37
Search vendor "Linux" for product "Linux Kernel" and version "2.6.37"
rc5
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
 9
Search vendor "Suse" for product "Linux Enterprise Server" and version "9"
-
Affected