PT-2013-2222 · Linux+3 · Linux Kernel+3

Alan Cox

Publicado

2013-02-20

Atualizado

2023-02-13

CVE-2013-0310

CVSS v2.0

6.6

Média

Vetor

AV:L/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.4.8

Description The issue allows local users to cause a denial of service, resulting in a system crash due to a NULL pointer dereference. This is achieved through an IPOPT CIPSO IP OPTIONS setsockopt system call. The cipso v4 validate function in net/ipv4/cipso ipv4.c is the vulnerable component.

Recommendations For Linux kernel versions prior to 3.4.8, update to version 3.4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the setsockopt system call to minimize the risk of exploitation.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CESA-2013_0496

CVE-2013-0310

RHSA-2013:0496

RHSA-2013_0496

SUSE-SU-2015:0652-1

USN-1554-1

USN-1558-1

USN-1563-1

USN-1579-1

USN-1580-1

USN-1651-1

USN-1653-1

Produtos afetados

Centos

Linux Kernel

Red Hat

Suse

PT-2013-2222 · Linux+3 · Linux Kernel+3

CVE-2013-0310

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 25