Lucene search

Ubuntu.comUB:CVE-2013-4300

HistorySep 25, 2013 - 12:00 a.m.

CVE-2013-4300

2013-09-2500:00:00

ubuntu.com

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.0%

JSON

The scm_check_creds function in net/core/scm.c in the Linux kernel before
3.11 performs a capability check in an incorrect namespace, which allows
local users to gain privileges via PID spoofing.

Bugs

<https://launchpad.net/bugs/1226495>

OSVersionArchitecturePackageVersionFilename
ubuntu13.04noarchlinux< 3.8.0-32.47UNKNOWN
ubuntu12.04noarchlinux-lts-raring< 3.8.0-32.47~precise1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	13.04	noarch	linux	< 3.8.0-32.47	UNKNOWN
ubuntu	12.04	noarch	linux-lts-raring	< 3.8.0-32.47~precise1	UNKNOWN

References

www.openwall.com/lists/oss-security/2013/09/04

launchpad.net/bugs/cve/CVE-2013-4300

nvd.nist.gov/vuln/detail/CVE-2013-4300

security-tracker.debian.org/tracker/CVE-2013-4300

ubuntu.com/security/notices/USN-1995-1

ubuntu.com/security/notices/USN-1998-1

www.cve.org/CVERecord?id=CVE-2013-4300

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for UB:CVE-2013-4300