Lucene search
SAINT CorporationSAINT:18A030A4FCD5D3FC247DC77100CC35FBHistoryMay 13, 2014 - 12:00 a.m.
Linux kernel __sock_diag_rcv_msg Netlink message privilege elevation
2014-05-1300:00:00
SAINT Corporation
www.saintcorporation.com
28
EPSS
0.001
Percentile
25.8%
Added: 05/13/2014
CVE: CVE-2013-1763
BID: 58137
OSVDB: 90604
Background
Netlink is a feature of the Linux kernel which allows communication between kernel and user space.
Problem
An array index error in the **__sock_diag_rcv_msg** function in the Linux kernel allows local users to gain root privileges by sending a Netlink message with a large family value.
Resolution
Upgrade to Linux kernel 3.7.10 or higher or install the appropriate package update from the operating system vendor.
References
<http://seclists.org/oss-sec/2013/q1/420>
<https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10>
Limitations
Exploit works on Ubuntu or Fedora and requires an existing unprivileged shell connection to the target.
Platforms
Linux
Related
veracode
veracode
Privilege Escalation
2019-05-02 04:54:03
nessus
nessus
Ubuntu 12.04 LTS : linux-lts-quantal vulnerability (USN-1749-1)
2013-02-27 00:00:00
Ubuntu 12.10 : linux vulnerabilities (USN-1750-1)
2013-02-27 00:00:00
Fedora 17 : kernel-3.7.9-104.fc17 (2013-3106)
2013-03-04 00:00:00
saint
saint
Linux kernel __sock_diag_rcv_msg Netlink message privilege elevation
2014-05-13 00:00:00
Linux kernel __sock_diag_rcv_msg Netlink message privilege elevation
2014-05-13 00:00:00
Linux kernel __sock_diag_rcv_msg Netlink message privilege elevation
2014-05-13 00:00:00
openvas
openvas
Ubuntu Update for linux-lts-quantal USN-1749-1
2013-03-01 00:00:00
Ubuntu: Security Advisory (USN-1749-1)
2013-03-01 00:00:00
Ubuntu Update for linux-ti-omap4 USN-1751-1
2013-03-01 00:00:00
exploitdb
exploitdb
ubuntucve
ubuntucve
CVE-2013-1763
2013-02-23 00:00:00
securityvulns
securityvulns
[USN-1750-1] Linux kernel vulnerabilities
2013-03-02 00:00:00
Linux kernel security vulnerabilities
2013-03-02 00:00:00
debiancve
debiancve
CVE-2013-1763
2013-02-28 19:55:01
zdt
zdt
Ubuntu 12.10 64-Bit sock_diag_handlers Local Root Exploit
2013-03-13 00:00:00
Linux Kernel 3.5.0-23 (Ubuntu 12.04.2 x64) - SOCK_DIAG SMEP Bypass Local Privilege Escalation Exploi
2018-03-19 00:00:00
Linux Kernel 3.3-3.8 - SOCK_DIAG Local Root Exploit
2014-05-17 00:00:00
ubuntu
ubuntu
Linux kernel (Quantal HWE) vulnerability
2013-02-26 00:00:00
Linux kernel (OMAP4) vulnerability
2013-02-27 00:00:00
Linux kernel vulnerabilities
2013-02-26 00:00:00
nvd
nvd
CVE-2013-1763
2013-02-28 19:55:01
cve
cve
CVE-2013-1763
2013-02-28 19:55:01
exploitpack
exploitpack
seebug
seebug
Linux Kernel 3.3-3.8 - SOCK_DIAG Local Root Exploit
2014-07-01 00:00:00
prion
prion
Code injection
2013-02-28 19:55:00
cvelist
cvelist
CVE-2013-1763
2013-02-28 19:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: kernel-3.7.9-205.fc18
2013-02-27 02:30:12
[SECURITY] Fedora 18 Update: kernel-3.8.1-201.fc18
2013-03-02 19:55:59
[SECURITY] Fedora 18 Update: kernel-3.8.2-206.fc18
2013-03-11 01:24:13
redhat
redhat
(RHSA-2013:0622) Important: kernel-rt security and bug fix update
2013-03-11 00:00:00
suse
suse
kernel: fixed local privilege escalation (important)
2013-03-05 17:04:25