PT-2013-5083 · Linux+2 · Linux Kernel+2
Publicado
2013-11-19
·
Atualizado
2023-02-13
·
CVE-2013-4588
CVSS v2.0
6.9
Média
| Vetor | AV:L/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 2.6.33
Description
The issue is related to multiple stack-based buffer overflows in the Linux kernel. These overflows occur in the
ip vs ctl.c file when CONFIG IP VS is used, allowing local users with the CAP NET ADMIN capability to gain privileges. This can be achieved through either a getsockopt system call, related to the do ip vs get ctl function, or a setsockopt system call, related to the do ip vs set ctl function.Recommendations
For Linux kernel versions prior to 2.6.33, update to version 2.6.33 or later to resolve the issue.
Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Linux Kernel
Suse