CVE-2013-1763

Published: 28/02/2013 Updated: 01/11/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 740
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel prior to 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.

Vulnerable Product

linux linux kernel

Vendor Advisories

Synopsis: Important: kernel-rt security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated kernel-rt packages that fix several security issues and three bugs are now available for Red Hat Enterprise MRG 2.3. The Red Hat Security Response Team has rated this update as having important se ...
The system could be made to crash or run programs as an administrator ...

Exploits

Local root exploit for Fedora 18 x86_64 using nl_table to leverage the sock_diag_handlers[] vulnerability ...
/* * quick'n'dirty poc for CVE-2013-1763 SOCK_DIAG bug in kernel 3.3-3.8 * bug found by Spender * poc by SynQ * * hard-coded for 3.5.0-17-generic #28-Ubuntu SMP Tue Oct 9 19:32:08 UTC 2012 i686 i686 i686 GNU/Linux * using nl_table->hash.rehash_time, index 81 * * Fedora 18 support added * * 2/2013 */ #include <unistd.h> #include <sy ...
#include <unistd.h> #include <sys/socket.h> #include <linux/netlink.h> #include <netinet/tcp.h> #include <errno.h> #include <linux/if.h> #include <linux/filter.h> #include <string.h> #include <stdio.h> #include <stdlib.h> #include <linux/sock_diag.h> #include <linux/inet_diag.h> ...
// archer.c // // 2012 sd@fucksheep.org // // Works reliably against x86-64 3.3-3.7 arch // // Tested against: // // Linux XXX 3.3.1-1-ARCH #1 SMP PREEMPT Tue Apr 3 06:46:17 UTC 2012 x86_64 GNU/Linux // Linux XXX 3.4.7-1-ARCH #1 SMP PREEMPT Sun Jul 29 22:02:56 CEST 2012 x86_64 GNU/Linux // Linux XXX 3.7.4-1-ARCH #1 SMP PREEMPT Mon Jan 21 23:05:29 ...
/** * based on the exploit by SynQ * * Modified PoC for CVE-2013-1763 with SMEP bypass * Presentation: Practical SMEP Bypass Techniques on Linux * Vitaly Nikolenko * vnik@cyseclabs.com * * Target: Linux ubuntu 3.5.0-23-generic #35~precise1-Ubuntu SMP Fri Jan 25 17:13:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux * * gcc sockdiag_smep.c -O2 ...

Github Repositories

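Research. This is a newcomer to security research, studying some vulnerabilities and learning and building up knowledge bit by bit. CVE-2013-1763 x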