Main Vulnerability Database SB2013112006

SB2013112006 - Multiple vulnerabilities in Linux kernel

Published: November 20, 2013 Updated: August 10, 2020

Security Bulletin ID SB2013112006

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2014-0203)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call.

2) Buffer overflow (CVE-ID: CVE-2013-4588)

The vulnerability allows a local authenticated user to execute arbitrary code.

Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function.

Remediation

Install update from vendor's website.

SB2013112006 - Multiple vulnerabilities in Linux kernel

Breakdown by Severity

Description

Remediation

References