CVE-2013-4270

2013-12-0918:55:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2013-4270

linux kernel

net_ctl_permissions

sysctl_net.c

uid

gid

nvd

5.7 Medium

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq3.9.0
linux:linux_kernellinux linux kerneleq3.2.21
linux:linux_kernellinux linux kerneleq3.4.30
linux:linux_kernellinux linux kerneleq3.4.4
linux:linux_kernellinux linux kerneleq3.0.25
linux:linux_kernellinux linux kerneleq3.1.2
linux:linux_kernellinux linux kerneleq3.10.8
linux:linux_kernellinux linux kerneleq3.4.11
linux:linux_kernellinux linux kerneleq3.0
linux:linux_kernellinux linux kerneleq3.2.19

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	3.9.0
linux:linux_kernel	linux linux kernel	eq	3.2.21
linux:linux_kernel	linux linux kernel	eq	3.4.30
linux:linux_kernel	linux linux kernel	eq	3.4.4
linux:linux_kernel	linux linux kernel	eq	3.0.25
linux:linux_kernel	linux linux kernel	eq	3.1.2
linux:linux_kernel	linux linux kernel	eq	3.10.8
linux:linux_kernel	linux linux kernel	eq	3.4.11
linux:linux_kernel	linux linux kernel	eq	3.0
linux:linux_kernel	linux linux kernel	eq	3.2.19