FS#34005 - [linux] [CVE-2013-1763] Out of bounds access to sock_diag_handlers may lead to privilege escalation

Attached to Project: Arch Linux
Opened by . (Thralas) - Sunday, 24 February 2013, 20:59 GMT
Last edited by Tobias Powalowski (tpowa) - Monday, 25 February 2013, 10:23 GMT
Task Type: Bug Report
Category: Packages: Core
Status: Closed
Assigned To: Tobias Powalowski (tpowa), Thomas Bächler (brain0)
Architecture: All
Severity: Critical
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 2
Private: No

Details

"An unprivileged user can send a netlink message resulting in an
out-of-bounds access of the sock_diag_handlers[] array which, in turn,
allows userland to take over control while in kernel mode." [1]

Affects: core/linux-3.7.9-1 testing/linux-3.8.1 (linux-lts is not affected)

Upstream fix is available in the net tree [2]. A stable release containing the fix is currently not available.

Note: A PoC was released elsewhere (Ubuntu 12.10, x86) [3].

References:
[1] http://seclists.org/oss-sec/2013/q1/420
[2] https://git.kernel.org/?p=linux/kernel/git/davem/net.git;a=commit;h=6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0
[3] https://rdot.org/forum/showthread.php?p=30828

Closed by Tobias Powalowski (tpowa)
Monday, 25 February 2013, 10:23 GMT
Reason for closing: Fixed
Additional comments about closing: 3.7.9-2 & 3.8-2