CVE-2013-1959

2013-05-0311:57:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-1959

linux kernel

privilege escalation

user_namespace.c

uid_map

gid_map

nvd

6.2 Medium

AI Score

Confidence

Low

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

25.3%

JSON

kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq3.2.21
linux:linux_kernellinux linux kerneleq3.4.30
linux:linux_kernellinux linux kerneleq3.4.4
linux:linux_kernellinux linux kerneleq3.0.25
linux:linux_kernellinux linux kerneleq3.1.2
linux:linux_kernellinux linux kerneleq3.4.11
linux:linux_kernellinux linux kerneleq3.0
linux:linux_kernellinux linux kerneleq3.2.19
linux:linux_kernellinux linux kerneleq3.0.22
linux:linux_kernellinux linux kerneleq3.2.23

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	3.2.21
linux:linux_kernel	linux linux kernel	eq	3.4.30
linux:linux_kernel	linux linux kernel	eq	3.4.4
linux:linux_kernel	linux linux kernel	eq	3.0.25
linux:linux_kernel	linux linux kernel	eq	3.1.2
linux:linux_kernel	linux linux kernel	eq	3.4.11
linux:linux_kernel	linux linux kernel	eq	3.0
linux:linux_kernel	linux linux kernel	eq	3.2.19
linux:linux_kernel	linux linux kernel	eq	3.0.22
linux:linux_kernel	linux linux kernel	eq	3.2.23