Lucene search

[email protected]NVD:CVE-2013-4300

HistorySep 25, 2013 - 10:31 a.m.

CVE-2013-4300

2013-09-2510:31:29

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

Percentile

9.8%

JSON

The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.

Affected configurations

Nvd

Node

linuxlinux_kernelRange3.8.6–3.9

linuxlinux_kernelMatch3.9rc1

linuxlinux_kernelMatch3.9rc2

linuxlinux_kernelMatch3.9rc3

linuxlinux_kernelMatch3.9rc4

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d661684cf6820331feae71146c35da83d794467e

www.openwall.com/lists/oss-security/2013/09/05/3

www.ubuntu.com/usn/USN-1995-1

www.ubuntu.com/usn/USN-1998-1

bugzilla.redhat.com/show_bug.cgi?id=1004736

github.com/torvalds/linux/commit/d661684cf6820331feae71146c35da83d794467e

www.kernel.org/pub/linux/kernel/v3.x/patch-3.11.bz2

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

Percentile

9.8%

JSON

Related for NVD:CVE-2013-4300

cvelist1 prion1 ubuntucve1 debiancve1 cve1 openvas6 ubuntu2 nessus4 securityvulns2 oraclelinux1