PT-2013-3865 · Linux+3 · Linux Kernel+3

Published

2013-03-22

Updated

2014-02-07

CVE-2013-2635

CVSS v2.0

1.9

Low

Vector

AV:L/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.8.4

Description The issue allows local users to obtain sensitive information from kernel stack memory. This is due to the rtnl fill ifinfo function in net/core/rtnetlink.c not initializing a certain structure member, which can be exploited via a crafted application.

Recommendations For Linux kernel versions prior to 3.8.4, update to version 3.8.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the rtnl fill ifinfo function until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CESA-2013_1051

CVE-2013-2635

OPENSUSE-SU-2013_1187-1

RHSA-2013:0829

RHSA-2013:1051

RHSA-2013:1080

RHSA-2013_1051

SUSE-SU-2015:0481-1

USN-1809-1

USN-1811-1

USN-1812-1

USN-1813-1

USN-1814-1

Affected Products

Centos

Linux Kernel

Red Hat

Suse

PT-2013-3865 · Linux+3 · Linux Kernel+3

CVE-2013-2635

Weakness Enumeration

Related Identifiers

Affected Products

References · 29