PT-2013-2708 · Linux+3 · Linux Kernel+3

Emese Revfy

Publicado

2013-03-22

Atualizado

2014-02-07

CVE-2013-0914

CVSS v2.0

3.6

Baixa

Vetor

AV:L/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.8.4

Description The issue allows local users to bypass the ASLR protection mechanism. This is achieved through a crafted application containing a sigaction system call, which exploits the preservation of the sa restorer field value across an exec operation by the flush signal handlers function in kernel/signal.c.

Recommendations For Linux kernel versions prior to 3.8.4, update to version 3.8.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the sigaction system call until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CESA-2013_1051

CVE-2013-0914

DSA-2668-1

OPENSUSE-SU-2013_1187-1

RHSA-2013:0829

RHSA-2013:1034

RHSA-2013:1051

RHSA-2013:1080

RHSA-2013_1034

RHSA-2013_1051

SUSE-SU-2015:0481-1

SUSE-SU-2015:0652-1

USN-1787-1

USN-1788-1

USN-1792-1

USN-1793-1

USN-1794-1

USN-1795-1

USN-1796-1

USN-1797-1

USN-1798-1

Produtos afetados

Centos

Linux Kernel

Red Hat

Suse

PT-2013-2708 · Linux+3 · Linux Kernel+3

CVE-2013-0914

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 38