Vulnerability CVE-2013-1763


Published: 2013-02-28

Description:
Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Linux Kernel 3.3-3.8 sock_diag out-of-bounds
Mathias
24.02.2013
Med.
Ubuntu 12.10 64bit sock_diag out-of-bounds exploit
Kacper Szczesnia...
11.03.2013
Med.
Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) SOCK_DIAG SMEP Bypass Local Privilege Escalation
Vitaly Nikolenko
20.03.2018

Type:

CWE-20

(Improper Input Validation)

Vendor: Linux
Product: Linux kernel 
Version:
3.7.9
3.7.8
3.7.7
3.7.6
3.7.5
3.7.4
3.7.3
3.7.2
3.7.1
3.7
3.6.9
3.6.8
3.6.7
3.6.6
3.6.5
3.6.4
3.6.3
3.6.2
3.6.11
3.6.10
3.6.1
3.6
3.5.7
3.5.6
3.5.5
3.5.4
3.5.3
3.5.2
3.5.1
3.4.9
3.4.8
3.4.7
3.4.6
3.4.5
3.4.4
3.4.3
3.4.24
3.4.23
3.4.22
3.4.21
3.4.20
3.4.2
3.4.19
3.4.18
3.4.17
3.4.16
3.4.15
3.4.14
3.4.13
3.4.12
3.4.11
3.4.10
3.4.1
3.4
3.3.8
3.3.7
3.3.6
3.3.5
3.3.4
3.3.3
3.3.2
3.3.1
3.3
3.2.9
3.2.8
3.2.7
3.2.6
3.2.5
3.2.4
3.2.30
3.2.3
3.2.29
3.2.28
3.2.27
3.2.26
3.2.25
3.2.24
3.2.23
3.2.22
3.2.21
3.2.20
3.2.2
3.2.19
3.2.18
3.2.17
3.2.16
3.2.15
3.2.14
3.2.13
3.2.12
3.2.11
3.2.10
3.2.1
3.2
3.1.9
3.1.8
3.1.7
3.1.6
3.1.5
3.1.4
See more versions on NVD

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
https://github.com/torvalds/linux/commit/6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0
https://bugzilla.redhat.com/show_bug.cgi?id=915052
http://www.ubuntu.com/usn/USN-1751-1
http://www.ubuntu.com/usn/USN-1750-1
http://www.ubuntu.com/usn/USN-1749-1
http://www.openwall.com/lists/oss-security/2013/02/24/3
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10
http://www.exploit-db.com/exploits/33336
http://www.exploit-db.com/exploits/24746
http://www.exploit-db.com/exploits/24555
http://openwall.com/lists/oss-security/2013/02/25/12
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html

Related CVE
CVE-2019-10639
The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the...
CVE-2019-10638
In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to ...
CVE-2019-13233
In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation.
CVE-2019-12984
A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of ser...
CVE-2019-12817
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of pow...
CVE-2019-3896
A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).
CVE-2019-11479
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial ...
CVE-2019-11478
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denia...

Copyright 2019, cxsecurity.com

 

Back to Top