CVE-2013-7263

Sažetak

The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.

Reference

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
https://bugzilla.redhat.com/show_bug.cgi?id=1035875
https://github.com/torvalds/linux/commit/bceaa90240b6019ed73b49965eac7d167610be69
http://www.openwall.com/lists/oss-security/2013/11/28/13
http://secunia.com/advisories/56036
http://secunia.com/advisories/55882
http://seclists.org/oss-sec/2014/q1/29
http://www.ubuntu.com/usn/USN-2109-1
http://rhn.redhat.com/errata/RHSA-2014-0159.html
http://www.ubuntu.com/usn/USN-2113-1
http://www.ubuntu.com/usn/USN-2110-1
http://www.ubuntu.com/usn/USN-2117-1
http://www.ubuntu.com/usn/USN-2108-1
http://www.ubuntu.com/usn/USN-2107-1
http://www.ubuntu.com/usn/USN-2138-1
http://www.ubuntu.com/usn/USN-2136-1
http://www.ubuntu.com/usn/USN-2139-1
http://www.ubuntu.com/usn/USN-2141-1
http://www.ubuntu.com/usn/USN-2135-1
http://rhn.redhat.com/errata/RHSA-2014-0285.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bceaa90240b6019ed73b49965eac7d167610be69

CVSS

Base:	4.9
Impact:	6.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:N/A:N

Zadnje važnije ažuriranje

07-11-2023 - 02:17

Objavljeno

06-01-2014 - 16:55