7.2

CVE-2013-1763

Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.3 < 3.4.34
LinuxLinux Kernel Version >= 3.5 < 3.7.10
LinuxLinux Kernel Version >= 3.8 < 3.8.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.18% 0.896
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html
Third Party Advisory
VDB Entry
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0
Broken Link
http://openwall.com/lists/oss-security/2013/02/25/12
Mailing List
http://www.exploit-db.com/exploits/24555
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/24746
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/33336
Third Party Advisory
VDB Entry
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10
Broken Link
http://www.openwall.com/lists/oss-security/2013/02/24/3
Mailing List
http://www.ubuntu.com/usn/USN-1749-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-1750-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-1751-1
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=915052
Issue Tracking
https://github.com/torvalds/linux/commit/6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0
Patch