3 matches found
Linux内核scm_check_creds安全绕过漏洞(CVE-2013-1958)
CVE ID:CVE-2013-1958 Linux是一款开源的操作系统 Linux内核3.8.6之前版本net/core/scm.c中的scmcheckcreds函数没有正确执行控制与UNIX域套接字相关联的PID值所需的能力capability,允许本地用户利用用户命名空间已创建但PID命名空间还未创建的时间间隔绕过所需的访问限制 0 Linux kernel 3.8.6之前版本 厂商解决方案 Linux kernel 3.8.6已经修复此漏洞,建议用户下载更新: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.6...
CVE-2013-1958
The scmcheckcreds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval durin...
CVE-2013-1958
CVE-2013-1958 affects Linux kernels before 3.8.6 where scm_check_creds in net/core/scm.c fails to enforce capabilities for the PID value tied to a UNIX domain socket, allowing local users to bypass access controls during a window when a user namespace exists but a PID namespace is not yet created...