PT-2013-1269 · Linux+4 · Linux Kernel+4

Mathias Krause

Publicado

2013-12-31

Atualizado

2020-05-19

CVE-2013-7421

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions linux-image versions 3.13.0 through 3.16.0 linux-image versions prior to 3.18.5

Description The issue affects the Linux kernel and can lead to breaches of confidentiality, integrity, and availability of protected information. It can be exploited locally or remotely. The Crypto API in the Linux kernel allows local users to load arbitrary kernel modules via a bind system call for an AF ALG socket with a module name in the salg name field.

Recommendations For linux-image versions 3.13.0 through 3.16.0, update to a version prior to 3.18.5 to resolve the issue. For linux-image versions prior to 3.18.5, update to version 3.18.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the AF ALG socket to minimize the risk of exploitation.

Exploit

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-17CWE-269

Identificadores relacionados

ALT-PU-2015-1118

ALT-PU-2015-1794

BDU:2015-09845

BDU:2015-09847

CESA-2015_2152

CVE-2013-7421

DSA-3170-1

MGASA-2015-0070

MGASA-2015-0075

MGASA-2015-0076

MGASA-2015-0077

MGASA-2015-0078

RHSA-2015:2152

RHSA-2015:2411

RHSA-2015_2152

RHSA-2015_2411

RHSA-2016:0068

USN-2513-1

USN-2514-1

USN-2543-1

USN-2544-1

USN-2545-1

USN-2546-1

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

Ubuntu

PT-2013-1269 · Linux+4 · Linux Kernel+4

CVE-2013-7421

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 118