| Revision Date: | 2013-09-25 | Version: | 1 | | Title: | CVE-2013-4343 on Ubuntu 12.04 LTS (precise) - medium. | | Description: | Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call. Wannes Rombouts reported a vulnerability in the networking tuntap interface of the Linux kernel. A local user with the CAP_NET_ADMIN capability could leverage this flaw to gain full admin privileges.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2013-4343
| | Platform(s): | Ubuntu 12.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 12.04 LTS (precise) is installed. AND Package Information
NOT While related to the CVE in some way, the 'linux' package in precise is not affected.
OR NOT While related to the CVE in some way, the 'linux-armadaxp' package in precise is not affected.
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR NOT While related to the CVE in some way, the 'linux-lts-quantal' package in precise is not affected.
OR The 'linux-lts-raring' package in precise was vulnerable but has been fixed (note: '3.8.0-33.48~precise1').
OR NOT While related to the CVE in some way, the 'linux-lts-saucy' package in precise is not affected (note: '3.11.0-13.20~precise2').
OR NOT While related to the CVE in some way, the 'linux-lts-trusty' package in precise is not affected (note: '3.13.0-24.46~precise1').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR NOT While related to the CVE in some way, the 'linux-ti-omap4' package in precise is not affected.
|
|