Vulnerability CVE-2013-1828: Information

Description

The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call.

URL: https://nvd.nist.gov/vuln/detail/CVE-2013-1828
Published: March 22, 2013
Modified: Aug. 11, 2023
Error type identifier: CWE-20

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
usbipsisyphus5.10-alt15.10-alt1ALT-PU-2023-1798-1320453Fixed
usbipp105.10-alt15.10-alt1ALT-PU-2023-1903-1320461Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://twitter.com/grsecurity/statuses/309805924749541376
  • Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=919315
  • Issue Tracking
  • Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
  • Vendor Advisory
http://grsecurity.net/~spender/sctp.c
  • Exploit
  • Third Party Advisory
[oss-security] 20130307 Re: CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow
  • Mailing List
  • Third Party Advisory
https://github.com/torvalds/linux/commit/726bc6b092da4c093eb74d13c07184b18c1af0f1
  • Exploit
  • Patch
  • Third Party Advisory
24747
  • Third Party Advisory
  • VDB Entry
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=726bc6b092da4c093eb74d13c07184b18c1af0f1
  • Vendor Advisory

    1. Configuration 1

      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      3.8
      End excliding
      3.8.4
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.1
Back to top