PT-2013-5083 · Linux+2 · Linux Kernel+2

Published

2013-11-19

Updated

2023-02-13

CVE-2013-4588

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.33

Description The issue is related to multiple stack-based buffer overflows in the Linux kernel. These overflows occur in the ip vs ctl.c file when CONFIG IP VS is used, allowing local users with the CAP NET ADMIN capability to gain privileges. This can be achieved through either a getsockopt system call, related to the do ip vs get ctl function, or a setsockopt system call, related to the do ip vs set ctl function.

Recommendations For Linux kernel versions prior to 2.6.33, update to version 2.6.33 or later to resolve the issue.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2014-1189

CVE-2013-4588

DSA-2906-1

Affected Products

Alt Linux

Linux Kernel

Suse

PT-2013-5083 · Linux+2 · Linux Kernel+2

CVE-2013-4588

Weakness Enumeration

Related Identifiers

Affected Products

References · 21