Linux kernel __sock_diag_rcv_msg Netlink message privilege elevation

2014-05-13T00:00:00
ID SAINT:2FD3877414CB9609C42A165E6BCB9C92
Type saint
Reporter SAINT Corporation
Modified 2014-05-13T00:00:00

Description

Added: 05/13/2014
CVE: CVE-2013-1763
BID: 58137
OSVDB: 90604

Background

Netlink is a feature of the Linux kernel that allows communication between the kernel and user space.

Problem

An array index error in the **__sock_diag_rcv_msg** function in the Linux kernel allows local users to gain root privileges by sending a Netlink message with a large family value.
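
The bounds check whose absence produces this class of bug, as an added example (not code from this advisory or from the kernel): a simplified user-space model in which a one-byte family field selects an entry in a handler table. `MODEL_AF_MAX`, the two-byte request layout and all function names are assumptions made for the illustration.

```c
/* Added illustration: user-space model of the bug class, not kernel source. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_AF_MAX 41 /* assumption: number of slots in this model's table */
struct diag_req { uint8_t family; uint8_t protocol; }; /* simplified header */
struct diag_handler {
    uint8_t family;
    int (*dump)(const struct diag_req *req);
};

/* One slot per address family, indexed by the caller-supplied family byte. */
static const struct diag_handler *handlers[MODEL_AF_MAX];
static int inet_dump(const struct diag_req *req) { return req->protocol; }
static const struct diag_handler inet_handler = { 2, inet_dump };

int register_handler(const struct diag_handler *h)
{
    if (h->family >= MODEL_AF_MAX)
        return -EINVAL;
    handlers[h->family] = h;
    return 0;
}

/* Receive path with the index validated before it touches the table. */
int diag_rcv_checked(const void *msg, size_t len)
{
    struct diag_req req;
    if (len < sizeof(req))            /* short message: nothing to parse */
        return -EINVAL;
    memcpy(&req, msg, sizeof(req));
    /* Without this test a large family indexes past the end of handlers[]. */
    if (req.family >= MODEL_AF_MAX)
        return -EINVAL;
    if (handlers[req.family] == NULL) /* in range, but nothing registered */
        return -ENOENT;
    return handlers[req.family]->dump(&req);
}

int main(void)
{
    const uint8_t big[2] = { 200, 0 }; /* constructed out-of-range request */
    register_handler(&inet_handler);
    printf("family 200 -> %d\n", diag_rcv_checked(big, sizeof(big)));
    return 0;
}
```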

Resolution

Upgrade to Linux kernel 3.7.10 or higher, or install the appropriate package update from the operating system vendor.

References

<http://seclists.org/oss-sec/2013/q1/420>
<https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10>

Limitations

The exploit works on Ubuntu or Fedora and requires an existing unprivileged shell connection to the target.

Platforms

Linux