Bug 915052 - (CVE-2013-1763) CVE-2013-1763 kernel: sock_diag: out-of-bounds access to sock_diag_handlers[]
CVE-2013-1763 kernel: sock_diag: out-of-bounds access to sock_diag_handlers[]
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20130224,repo...
: Security
Depends On: 915055 915056 915057
Blocks: 915059
  Show dependency treegraph
 
Reported: 2013-02-24 08:53 EST by Petr Matousek
Modified: 2015-07-31 02:58 EDT (History)
27 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-08-24 08:37:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Petr Matousek 2013-02-24 08:53:08 EST
Description:
An unprivileged user can send a netlink message resulting in an out-of-bounds access of the sock_diag_handlers[] array which, in turn, allows userland to take over control while in kernel mode.

References:
http://seclists.org/oss-sec/2013/q1/420
http://thread.gmane.org/gmane.linux.network/260061

Upstream fix:
http://thread.gmane.org/gmane.linux.network/260061
Comment 2 Petr Matousek 2013-02-24 08:57:07 EST
Created kernel tracking bugs for this issue

Affects: fedora-all [bug 915057]
Comment 4 Petr Matousek 2013-02-24 09:07:45 EST
Statement:

This issue did not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and 6.

This issue was addressed in Red Hat Enterprise MRG 2 via RHSA-2013:0622 https://rhn.redhat.com/errata/RHSA-2013-0622.html
Comment 6 Fedora Update System 2013-02-26 21:30:02 EST
kernel-3.7.9-205.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2013-03-02 15:02:45 EST
kernel-3.7.9-104.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 errata-xmlrpc 2013-03-11 14:40:38 EDT
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2013:0622 https://rhn.redhat.com/errata/RHSA-2013-0622.html
Comment 9 John Kacur 2013-06-12 09:44:00 EDT
The upstream sha1 is 6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0

Note You need to log in before you can comment on or make changes to this bug.