Arch Linux

Your vote could not be added at this time.
Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#34005 - [linux] [CVE-2013-1763] Out of bounds access to sock_diag_handlers may lead to privilege escalation

Attached to Project: Arch Linux
Opened by . (Thralas) - Sunday, 24 February 2013, 20:59 GMT
Last edited by Tobias Powalowski (tpowa) - Monday, 25 February 2013, 10:23 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Tobias Powalowski (tpowa)
Thomas Bächler (brain0)
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

"An unprivileged user can send a netlink message resulting in an
out-of-bounds access of the sock_diag_handlers[] array which, in turn,
allows userland to take over control while in kernel mode." [1]

Affects: core/linux-3.7.9-1 testing/linux-3.8.1 (linux-lts is not affected)

Upstream fix is available in the net tree [2]. A stable release containing the fix is currently not available.

Note: A PoC was released elswhere (Ubuntu 12.10, x86) [3].

References:
[1] http://seclists.org/oss-sec/2013/q1/420
[2] https://git.kernel.org/?p=linux/kernel/git/davem/net.git;a=commit;h=6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0
[3] https://rdot.org/forum/showthread.php?p=30828
This task depends upon

Closed by  Tobias Powalowski (tpowa)
Monday, 25 February 2013, 10:23 GMT
Reason for closing:  Fixed
Additional comments about closing:  3.7.9-2 & 3.8-2

Loading...