Vulnerability Name: CVE-2013-1828 (CCN-82664)
Assigned: 2013-03-08
Published: 2013-03-08
Updated: 2013-12-01
Summary: The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call.
CVSS v3 Severity:
  5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity:
  6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
  5.4 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
  3.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Vulnerability Type: CWE-20
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2013-1828
  Source: CONFIRM Type: Exploit, Patch http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=726bc6b092da4c093eb74d13c07184b18c1af0f1
  Source: CCN Type: Linux Kernel GIT Repository net/sctp: Validate parameter size for SCTP_GET_ASSOC_STATS
  Source: MISC Type: Exploit http://grsecurity.net/~spender/sctp.c
  Source: MISC Type: UNKNOWN http://twitter.com/grsecurity/statuses/309805924749541376
  Source: EXPLOIT-DB Type: UNKNOWN 24747
  Source: CONFIRM Type: UNKNOWN http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
  Source: MLIST Type: UNKNOWN [oss-security] 20130307 Re: CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow
  Source: CCN Type: BID-58389 Linux Kernel 'SCTP_GET_ASSOC_STATS()' Stack-Based Buffer Overflow Vulnerability
  Source: CCN Type: Red Hat Bugzilla Bug 919315 CVE-2013-1828 kernel: sctp: SCTP_GET_ASSOC_STATS stack buffer overflow
  Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=919315
  Source: XF Type: UNKNOWN linux-sctpgetassocstats-bo(82664)
  Source: CONFIRM Type: Exploit, Patch https://github.com/torvalds/linux/commit/726bc6b092da4c093eb74d13c07184b18c1af0f1
  Source: CCN Type: Packet Storm Security [03-13-2013] Linux Kernel SCTP_GET_ASSOC_STATS() Buffer Overflow
  Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [03-13-2013]
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable