Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:60839
HistoryJun 11, 2013 - 12:00 a.m.

Linux Kernel 'b43'无线驱动本地特权提升漏洞

2013-06-1100:00:00
Root
www.seebug.org
39

0.001 Low

EPSS

Percentile

23.8%

JSON

CVE ID:CVE-2013-2852

Linux是一款开源的操作系统。

Linux b43无线驱动存在安全问题,允许本地攻击者利用漏洞提升权限。
b43无线驱动drivers/net/wireless/b43/main.c b43_request_firmware函数可使用"fwpostfix"模块参数来更改文件名用于获取固件,如果此文件没有找到的情况下,错误消息会把文件名以格式串处理,这可导致应用程序崩溃或可以从uid-0提权到ring-0。
0
Linux Kernel 3.9.4
厂商解决方案

用户可参考如下厂商提供的安全公告获得补丁信息:
http://git.kernel.org/cgit/linux/kernel/git/linville/wireless.git/commit/?id=9538cbaab6e8b8046039b4b2eb6c9d614dc782bd


                                                # rmmod b43
# modprobe b43 fwpostfix=AA%xBB
...
# dmesg
...
b43-0 ERROR: Firmware file "b43AAdeff80ccBB/a0g1bsinitvals5.fw" not found

Using %n instead of %x would lead to exciting crashes. :)

Related

prion 1
nessus 28
ubuntucve 1
openvas 72
ubuntu 10
debiancve 1
cve 1
mageia 9
redhat 5
fedora 15
oraclelinux 4
debian 2
osv 2
centos 1
altlinux 1
suse 1
securityvulns 2
amazon 1
veracode 10
prion
prion
Format string
2013-06-07 14:03:00
nessus
nessus
Ubuntu 12.04 LTS : linux-lts-quantal vulnerability (USN-1915-1)
2013-07-30 00:00:00
Ubuntu 12.04 LTS : linux-lts-raring vulnerability (USN-1916-1)
2013-07-30 00:00:00
Ubuntu 12.04 LTS : linux vulnerability (USN-1914-1)
2013-07-30 00:00:00
ubuntucve
ubuntucve
CVE-2013-2852
2013-06-07 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-1915-1)
2013-08-08 00:00:00
Ubuntu: Security Advisory (USN-1917-1)
2013-08-08 00:00:00
Ubuntu: Security Advisory (USN-1914-1)
2013-08-08 00:00:00
ubuntu
ubuntu
Linux kernel (OMAP4) vulnerability
2013-07-30 00:00:00
Linux kernel (OMAP4) vulnerability
2013-07-29 00:00:00
Linux kernel vulnerability
2013-07-29 00:00:00
debiancve
debiancve
CVE-2013-2852
2013-06-07 14:03:00
cve
cve
CVE-2013-2852
2013-06-07 14:03:00
mageia
mageia
Updated kernel-linus package fixes security issues
2013-07-16 11:32:10
Updated kernel-linus package fixes multiple security vulnerabilities
2013-07-16 12:05:14
Updated kernel packages fix multiple security vulnerabilities
2013-07-09 21:56:42
redhat
redhat
(RHSA-2013:1450) Important: kernel security and bug fix update
2013-10-22 00:00:00
(RHSA-2013:1080) Moderate: kernel security and bug fix update
2013-07-16 00:00:00
(RHSA-2013:1051) Moderate: kernel security and bug fix update
2013-07-16 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: kernel-3.9.5-301.fc19
2013-06-14 04:52:17
[SECURITY] Fedora 18 Update: kernel-3.9.5-201.fc18
2013-06-13 06:05:52
[SECURITY] Fedora 18 Update: kernel-3.9.9-201.fc18
2013-07-12 03:11:58
oraclelinux
oraclelinux
unbreakable enterprise kernel security update
2013-07-18 00:00:00
unbreakable enterprise kernel security update
2013-07-18 00:00:00
kernel security and bug fix update
2013-07-16 00:00:00
debian
debian
[SECURITY] [DSA 2745-1] linux security update
2013-08-29 05:07:31
[SECURITY] [DSA 2766-1] linux-2.6 security update
2013-09-27 23:24:02
osv
osv
linux - several
2013-08-28 00:00:00
linux-2.6 - several
2013-09-27 00:00:00
centos
centos
kernel, perf, python security update
2013-07-17 04:56:29
altlinux
altlinux
Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt9
2013-07-17 00:00:00
suse
suse
Security update for Linux kernel (important)
2013-09-21 00:04:17
securityvulns
securityvulns
[ MDVSA-2013:194 ] kernel
2013-07-15 00:00:00
Linux kernel security vulnerabilities
2013-07-15 00:00:00
amazon
amazon
Medium: kernel
2013-08-13 21:32:00
veracode
veracode
Information Disclosure
2019-05-02 04:52:18
Denial Of Service (DoS)
2019-05-02 04:52:19
Information Disclosure
2019-05-02 04:52:18

0.001 Low

EPSS

Percentile

23.8%

JSON
Related for SSV:60839
prion1nessus28ubuntucve1openvas72ubuntu10debiancve1cve1mageia9redhat5fedora15oraclelinux4debian2osv2centos1altlinux1suse1securityvulns2amazon1veracode10