PT-2013-2708 · Linux · Linux Kernel

Emese Revfy · Published 2013-03-22 · Updated 2014-02-07 · CVE-2013-0914

CVSS v2.0: 3.6 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 3.8.4

Description

The issue allows local users to bypass the ASLR protection mechanism. The flush_signal_handlers function in kernel/signal.c preserves the value of the sa_restorer field across an exec operation, and a crafted application containing a sigaction system call can exploit this.

Recommendations

For Linux kernel versions prior to 3.8.4, update to version 3.8.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the sigaction system call until a patch is available.

Fix


Weakness Enumeration

Related Identifiers

CESA-2013_1051
CVE-2013-0914
DSA-2668-1
OPENSUSE-SU-2013_1187-1
RHSA-2013:0829
RHSA-2013:1034
RHSA-2013:1051
RHSA-2013:1080
RHSA-2013_1034
RHSA-2013_1051
SUSE-SU-2015:0481-1
SUSE-SU-2015:0652-1
USN-1787-1
USN-1788-1
USN-1792-1
USN-1793-1
USN-1794-1
USN-1795-1
USN-1796-1
USN-1797-1
USN-1798-1

Affected Products

Centos
Linux Kernel
Red Hat
Suse