CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
46.5%
The scm_set_cred function in include/net/scm.h in the Linux kernel before
3.8.11 uses incorrect uid and gid values during credentials passing, which
allows local users to gain privileges via a crafted application.
Author | Note |
---|---|
seth-arnold | 41c21e351e79004dbb4efa4bc14a53a7e0af38c5 is additional hardening; it does not on its own fix this CVE, nor will it get its own CVE number, though it is useful enough to be included in an update. Andy recommended applying in conjunction with 83f1b4ba917db5dc5a061a44b3403ddb6e783494. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | linux | < 3.2.0-44.69 | UNKNOWN |
ubuntu | 12.10 | noarch | linux | < 3.5.0-34.55 | UNKNOWN |
ubuntu | 13.04 | noarch | linux | < 3.8.0-19.30 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1619.29 | UNKNOWN |
ubuntu | 12.10 | noarch | linux-armadaxp | < 3.5.0-1616.24 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-quantal | < 3.5.0-34.55~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-ti-omap4 | < 3.2.0-1432.41 | UNKNOWN |
ubuntu | 12.10 | noarch | linux-ti-omap4 | < 3.5.0-226.39 | UNKNOWN |
ubuntu | 13.04 | noarch | linux-ti-omap4 | < 3.5.0-226.39 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2013-1979
nvd.nist.gov/vuln/detail/CVE-2013-1979
security-tracker.debian.org/tracker/CVE-2013-1979
ubuntu.com/security/notices/USN-1815-1
ubuntu.com/security/notices/USN-1833-1
ubuntu.com/security/notices/USN-1839-1
ubuntu.com/security/notices/USN-1880-1
ubuntu.com/security/notices/USN-1881-1
ubuntu.com/security/notices/USN-1882-1
ubuntu.com/security/notices/USN-1883-1
www.cve.org/CVERecord?id=CVE-2013-1979