CVE-2013-1979medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application.
References
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.11
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
http://www.openwall.com/lists/oss-security/2013/04/29/1
https://bugzilla.redhat.com/show_bug.cgi?id=955629
https://github.com/torvalds/linux/commit/83f1b4ba917db5dc5a061a44b3403ddb6e783494
Vulnerable Software
Configuration 1
OR
cpe:2.3:o:linux:linux_kernel:3.8.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.8.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.8.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.8.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.8.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.8.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.8.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.8.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.8.8:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.8.9:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 3.8.10 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 125250 | SUSE SLES11 Security Update : kernel (SUSE-SU-2019:14051-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | medium |
| 78651 | SuSE 11.3 Security Update : Linux kernel (SAT Patch Number 9750) | Nessus | SuSE Local Security Checks | high |
| 78650 | SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9746 / 9749 / 9751) | Nessus | SuSE Local Security Checks | high |
| 76660 | RHEL 6 : MRG (RHSA-2013:0829) | Nessus | Red Hat Local Security Checks | high |
| 74878 | openSUSE Security Update : kernel (openSUSE-SU-2013:1971-1) | Nessus | SuSE Local Security Checks | high |
| 69942 | Oracle Linux 5 / 6 : Unbreakable Enterprise Kernel (ELSA-2013-2546) | Nessus | Oracle Linux Local Security Checks | high |
| 68954 | SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 7991 / 7992 / 7994) | Nessus | SuSE Local Security Checks | medium |
| 68855 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel Security (ELSA-2013-2525) | Nessus | Oracle Linux Local Security Checks | high |
| 66975 | Mandriva Linux Security Advisory : kernel (MDVSA-2013:176) | Nessus | Mandriva Local Security Checks | high |
| 66912 | SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 7811 / 7813 / 7814) | Nessus | SuSE Local Security Checks | medium |
| 66587 | Ubuntu 12.04 LTS : linux vulnerabilities (USN-1833-1) | Nessus | Ubuntu Local Security Checks | high |
| 66486 | Debian DSA-2669-1 : linux - privilege escalation/denial of service/information leak | Nessus | Debian Local Security Checks | high |
| 66310 | Fedora 17 : kernel-3.8.11-100.fc17 (2013-6999) | Nessus | Fedora Local Security Checks | medium |
| 66303 | Ubuntu 13.04 : linux vulnerabilities (USN-1815-1) | Nessus | Ubuntu Local Security Checks | medium |
| 66248 | Fedora 18 : kernel-3.8.8-203.fc18 (2013-6537) | Nessus | Fedora Local Security Checks | medium |