Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.7
CVE Id CVE-2013-1792
Last Modified 05 Mar 2014 11:44:37
Published 22 Mar 2013 07:59:11
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2013-1792

Summary

Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads.

Vulnerable Systems

Operating System

  • Linux Kernel 3.8.0

  • Linux Kernel 3.8.1

  • Linux Kernel 3.8.2


References

CONFIRM - https://github.com/torvalds/linux/commit/0da9dfdd2cd9889201bc6f6f43580c99165cd087

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0da9dfdd2cd9889201bc6f6f43580c99165cd087

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=916646

MLIST - [oss-security] 20130307 CVE-2013-1792 Linux kernel: KEYS: race with concurrent install_user_keyrings()

CONFIRM - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3

UBUNTU - USN-1788-1

UBUNTU - USN-1787-1

UBUNTU - USN-1798-1

UBUNTU - USN-1797-1

UBUNTU - USN-1796-1

UBUNTU - USN-1795-1

UBUNTU - USN-1794-1

UBUNTU - USN-1793-1

UBUNTU - USN-1792-1

REDHAT - RHSA-2013:0744

MANDRIVA - MDVSA-2013:176

SUSE - openSUSE-SU-2013:1187

SUSE - openSUSE-SU-2014:0204


Last Updated: 27 May 2016 11:02:07