
CVE-2013-1959
Date: (C)2013-05-03   (M)2024-02-22


kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 3.7
Exploit Score: 1.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
EXPLOIT-DB-25307
http://www.openwall.com/lists/oss-security/2013/04/29/1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6708075f104c3c9b04b23336bb0366ca30c3931b
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e3211c120a85b792978bcb4be7b2886df18d27f0
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9
https://github.com/torvalds/linux/commit/6708075f104c3c9b04b23336bb0366ca30c3931b
https://github.com/torvalds/linux/commit/e3211c120a85b792978bcb4be7b2886df18d27f0

CWE:
CWE-264
OVAL:
oval:org.secpod.oval:def:701270

© SecPod Technologies