CVE-2010-4160

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.36.2

Description The issue is related to multiple integer overflows in the PPPoL2TP and IPoL2TP implementations. Specifically, the pppol2tp sendmsg function in net/l2tp/l2tp ppp.c and the l2tp ip sendmsg function in net/l2tp/l2tp ip.c are affected. This can allow local users to cause a denial of service, resulting in heap memory corruption and panic, or possibly gain privileges via a crafted sendto call.

Recommendations For Linux kernel versions prior to 2.6.36.2, update to version 2.6.36.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the sendto call to minimize the risk of exploitation.