FS#34005 - [linux] [CVE-2013-1763] Out of bounds access to sock_diag_handlers may lead to privilege escalation
Attached to Project:
Arch Linux
Opened by . (Thralas) - Sunday, 24 February 2013, 20:59 GMT
Last edited by Tobias Powalowski (tpowa) - Monday, 25 February 2013, 10:23 GMT
Details
"An unprivileged user can send a netlink message resulting in an out-of-bounds access of the sock_diag_handlers[] array which, in turn, allows userland to take over control while in kernel mode." [1]

Affects:
core/linux-3.7.9-1
testing/linux-3.8.1
(linux-lts is not affected)

Upstream fix is available in the net tree [2]. A stable release containing the fix is currently not available.

Note: A PoC was released elsewhere (Ubuntu 12.10, x86) [3].

References:
[1] http://seclists.org/oss-sec/2013/q1/420
[2] https://git.kernel.org/?p=linux/kernel/git/davem/net.git;a=commit;h=6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0
[3] https://rdot.org/forum/showthread.php?p=30828
Closed by Tobias Powalowski (tpowa)
Monday, 25 February 2013, 10:23 GMT
Reason for closing: Fixed
Additional comments about closing: 3.7.9-2 & 3.8-2
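
The bug class described in the report, a handler table indexed by a caller-supplied family without a range check, shown beside the checked form. This is an added userland model, not kernel code and not part of the original ticket. All names and constants (MODEL_AF_MAX, MODEL_MEM, struct diag_handler, the lookup functions) are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
/* Constructed userland model, not kernel source. MODEL_AF_MAX stands in
 * for the kernel's AF_MAX; the family is modelled as 8 bits (0..255). */
#define MODEL_AF_MAX 40
#define MODEL_MEM    256

struct diag_handler { const char *owner; };
static const struct diag_handler inet_diag = { "registered AF_INET handler" };
static const struct diag_handler foreign   = { "unrelated data past the table" };

/* Slots [0, MODEL_AF_MAX) are the handler table; the remaining slots
 * model whatever sits behind the table in memory. */
static const struct diag_handler *mem[MODEL_MEM];

static void model_init(void)
{
    for (size_t i = 0; i < MODEL_MEM; i++)
        mem[i] = (i >= MODEL_AF_MAX) ? &foreign : NULL;
    mem[2] = &inet_diag; /* 2 is AF_INET */
}

/* Pre-fix shape: the caller-supplied family indexes the table directly. */
static int lookup_unchecked(unsigned char family, const struct diag_handler **out)
{
    *out = mem[family];
    return *out ? 0 : -ENOENT;
}

/* Post-fix shape: families outside the table are rejected before indexing. */
static int lookup_checked(unsigned char family, const struct diag_handler **out)
{
    *out = NULL;
    if (family >= MODEL_AF_MAX)
        return -EINVAL;
    *out = mem[family];
    return *out ? 0 : -ENOENT;
}

int main(void)
{
    const struct diag_handler *h;
    model_init();
    printf("unchecked(200): rc=%d\n", lookup_unchecked(200, &h));
    printf("checked(200):   rc=%d\n", lookup_checked(200, &h));
    printf("checked(2):     rc=%d\n", lookup_checked(2, &h));
    return 0;
}
```

In the unchecked variant a family of 200 succeeds and hands back an entry that was never registered as a handler; the checked variant returns -EINVAL for the same input and still resolves in-range families.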