Lucene search

[email protected]CVE-2013-4300

HistorySep 25, 2013 - 10:31 a.m.

CVE-2013-4300

2013-09-2510:31:00

CWE-264

[email protected]

web.nvd.nist.gov

linux kernel

cve-2013-4300

local privilege escalation

net/core/scm.c

pid spoofing

nvd

6.1 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.3%

JSON

The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq3.9

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	3.9

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d661684cf6820331feae71146c35da83d794467e

www.openwall.com/lists/oss-security/2013/09/05/3

www.ubuntu.com/usn/USN-1995-1

www.ubuntu.com/usn/USN-1998-1

bugzilla.redhat.com/show_bug.cgi?id=1004736

github.com/torvalds/linux/commit/d661684cf6820331feae71146c35da83d794467e

www.kernel.org/pub/linux/kernel/v3.x/patch-3.11.bz2

6.1 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.3%

JSON

Related for CVE-2013-4300

prion1 debiancve1 ubuntucve1 openvas6 ubuntu2 securityvulns2 nessus4 oraclelinux1