[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-2851Date: (C)2013-06-07   (M)2024-04-19


Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.0
Exploit Score: 1.5
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
DSA-2766
RHSA-2013:1645
RHSA-2013:1783
RHSA-2014:0284
SUSE-SU-2013:1473
SUSE-SU-2013:1474
USN-1912-1
USN-1913-1
USN-1941-1
USN-1942-1
http://marc.info/?l=linux-kernel&m=137055204522556&w=2
http://www.openwall.com/lists/oss-security/2013/06/06/13
https://bugzilla.redhat.com/show_bug.cgi?id=969515
openSUSE-SU-2013:1971

CPE    12
cpe:/o:linux:linux_kernel:3.9:rc4
cpe:/o:linux:linux_kernel:3.9:rc3
cpe:/o:linux:linux_kernel:3.9:rc2
cpe:/o:linux:linux_kernel:3.9:rc1
...
CWE    1
CWE-134
OVAL    33
oval:org.secpod.oval:def:105538
oval:org.secpod.oval:def:105143
oval:org.secpod.oval:def:106164
oval:org.secpod.oval:def:106120
...

© SecPod Technologies