Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.2
CVE Id CVE-2013-1848
Last Modified 06 Feb 2014 11:46:28
Published 22 Mar 2013 07:59:11
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2013-1848

Summary

fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application.

Vulnerable Systems

Operating System

  • Linux Kernel 3.8.0

  • Linux Kernel 3.8.1

  • Linux Kernel 3.8.2

  • Linux Kernel 3.8.3


References

CONFIRM - https://github.com/torvalds/linux/commit/8d0c2d10dd72c5292eda7a06231056a4c972e4cc

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d0c2d10dd72c5292eda7a06231056a4c972e4cc

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=920783

MLIST - [oss-security] 20130320 CVE-2013-1848 -- Linux kernel: ext3: format string issues

CONFIRM - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4

UBUNTU - USN-1814-1

UBUNTU - USN-1813-1

UBUNTU - USN-1812-1

UBUNTU - USN-1811-1

UBUNTU - USN-1809-1

REDHAT - RHSA-2013:0928

SUSE - openSUSE-SU-2013:0925

MANDRIVA - MDVSA-2013:176

REDHAT - RHSA-2013:1026

REDHAT - RHSA-2013:1051


Last Updated: 27 May 2016 11:02:07