Vulnerability-Lookup

CVE-2013-1826 (GCVE-0-2013-1826)

Vulnerability from cvelistv5 – Published: 2013-03-22 10:00 – Updated: 2024-08-06 15:13

Summary

The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.kernel.org/pub/linux/kernel/v3.x/Chang…	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-1829-1	vendor-advisoryx_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/864745d2…	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=919384	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2013-0744.html	vendor-advisoryx_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2013/03/07/2	mailing-listx_refsource_MLIST
	http://git.kernel.org/?p=linux/kernel/git/torvald…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:13:33.305Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7"
          },
          {
            "name": "USN-1829-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1829-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919384"
          },
          {
            "name": "RHSA-2013:0744",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
          },
          {
            "name": "[oss-security] 20130307 Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/03/07/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=864745d291b5ba80ea0bd0edcbe67273de368836"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-05-30T09:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7"
        },
        {
          "name": "USN-1829-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1829-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919384"
        },
        {
          "name": "RHSA-2013:0744",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
        },
        {
          "name": "[oss-security] 20130307 Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/03/07/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=864745d291b5ba80ea0bd0edcbe67273de368836"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-1826",
    "datePublished": "2013-03-22T10:00:00.000Z",
    "dateReserved": "2013-02-19T00:00:00.000Z",
    "dateUpdated": "2024-08-06T15:13:33.305Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2013-AVI-259

Vulnerability from certfr_avis - Published: 2013-04-18 - Updated: 2013-04-18

De multiples vulnérabilités ont été corrigées dans le noyau Linux de Red Hat. Elles permettent à un attaquant de provoquer un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux Long Life version 5.9 server
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux EUS version 5.9.z server
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux version 5 server
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux Desktop version 5 client

References

Title

Publication Time

Tags

Bulletin de sécurité Red Hat RHSA-2013-0747 du 16 avril 2013	None	vendor-advisory
Bulletin de sécurité Red Hat RHSA-2013-0747 du 16 avril 2013	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Red Hat Enterprise Linux Long Life version 5.9 server",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux EUS version 5.9.z server",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux version 5 server",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Desktop version 5 client",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-0231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0231"
    },
    {
      "name": "CVE-2012-6537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6537"
    },
    {
      "name": "CVE-2013-1826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1826"
    },
    {
      "name": "CVE-2013-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0216"
    },
    {
      "name": "CVE-2012-6546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6546"
    },
    {
      "name": "CVE-2012-6547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6547"
    },
    {
      "name": "CVE-2012-6542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6542"
    }
  ],
  "initial_release_date": "2013-04-18T00:00:00",
  "last_revision_date": "2013-04-18T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2013-0747 du 16 avril    2013",
      "url": "https://rhn.redhat.com/errata/RHSA-2013-0747.html"
    }
  ],
  "reference": "CERTA-2013-AVI-259",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le noyau \u003cspan\nclass=\"textit\"\u003eLinux\u003c/span\u003e de \u003cspan class=\"textit\"\u003eRed Hat\u003c/span\u003e.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2013-0747 du 16 avril 2013",
      "url": null
    }
  ]
}

CERTA-2013-AVI-269

Vulnerability from certfr_avis - Published: 2013-04-24 - Updated: 2013-04-24

De multiples vulnérabilités ont été corrigées dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server EUS version 6.4.z
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux Workstation version 6
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux HPC Node version 6
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server AUS version 6.4
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server version 6
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux Desktop version 6

References

Title

Publication Time

Tags

Bulletin de sécurité Red Hat RHSA-2013-0744 du 23 avril 2013	None	vendor-advisory
Bulletin de sécurité Red Hat RHSA-2013-0744 du 23 avril 2013	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Red Hat Enterprise Linux Server EUS version 6.4.z",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Workstation version 6",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux HPC Node version 6",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server AUS version 6.4",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server version 6",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Desktop version 6",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-6537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6537"
    },
    {
      "name": "CVE-2013-1826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1826"
    },
    {
      "name": "CVE-2013-1798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1798"
    },
    {
      "name": "CVE-2013-0349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0349"
    },
    {
      "name": "CVE-2013-1774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1774"
    },
    {
      "name": "CVE-2013-1767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1767"
    },
    {
      "name": "CVE-2012-6546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6546"
    },
    {
      "name": "CVE-2013-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0913"
    },
    {
      "name": "CVE-2013-1797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1797"
    },
    {
      "name": "CVE-2013-1773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1773"
    },
    {
      "name": "CVE-2013-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1792"
    },
    {
      "name": "CVE-2013-1827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1827"
    },
    {
      "name": "CVE-2013-1796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1796"
    },
    {
      "name": "CVE-2012-6547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6547"
    }
  ],
  "initial_release_date": "2013-04-24T00:00:00",
  "last_revision_date": "2013-04-24T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2013-0744 du 23 avril    2013",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
    }
  ],
  "reference": "CERTA-2013-AVI-269",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-04-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le noyau Linux de\n\u003cspan class=\"textit\"\u003eRed Hat\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2013-0744 du 23 avril 2013",
      "url": null
    }
  ]
}

GSD-2013-1826

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-1826

Aliases

CVE-2013-1826

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-1826",
    "description": "The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability.",
    "id": "GSD-2013-1826",
    "references": [
      "https://www.suse.com/security/cve/CVE-2013-1826.html",
      "https://www.debian.org/security/2013/dsa-2668",
      "https://access.redhat.com/errata/RHSA-2013:0747",
      "https://access.redhat.com/errata/RHSA-2013:0744",
      "https://linux.oracle.com/cve/CVE-2013-1826.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-1826"
      ],
      "details": "The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability.",
      "id": "GSD-2013-1826",
      "modified": "2023-12-13T01:22:20.760410Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2013-1826",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2013-0744.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
          },
          {
            "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7",
            "refsource": "MISC",
            "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7"
          },
          {
            "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=864745d291b5ba80ea0bd0edcbe67273de368836",
            "refsource": "MISC",
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=864745d291b5ba80ea0bd0edcbe67273de368836"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2013/03/07/2",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2013/03/07/2"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-1829-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-1829-1"
          },
          {
            "name": "https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836",
            "refsource": "MISC",
            "url": "https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=919384",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919384"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.5.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-1826"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7"
            },
            {
              "name": "[oss-security] 20130307 Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2013/03/07/2"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=919384",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919384"
            },
            {
              "name": "USN-1829-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1829-1"
            },
            {
              "name": "RHSA-2013:0744",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
            },
            {
              "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=864745d291b5ba80ea0bd0edcbe67273de368836",
              "refsource": "MISC",
              "tags": [],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=864745d291b5ba80ea0bd0edcbe67273de368836"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 1.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T00:27Z",
      "publishedDate": "2013-03-22T11:59Z"
    }
  }
}

GHSA-PF2C-9979-GM9F

Vulnerability from github – Published: 2022-05-17 05:09 – Updated: 2022-05-17 05:09

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-1826"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-03-22T11:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability.",
  "id": "GHSA-pf2c-9979-gm9f",
  "modified": "2022-05-17T05:09:08Z",
  "published": "2022-05-17T05:09:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1826"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919384"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=864745d291b5ba80ea0bd0edcbe67273de368836"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=864745d291b5ba80ea0bd0edcbe67273de368836"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/03/07/2"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1829-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2013-1826

Vulnerability from fkie_nvd - Published: 2013-03-22 11:59 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	secalert@redhat.com	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=864745d291b5ba80ea0bd0edcbe67273de368836
	secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2013-0744.html
	secalert@redhat.com	http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7
	secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/03/07/2
	secalert@redhat.com	http://www.ubuntu.com/usn/USN-1829-1
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=919384
	secalert@redhat.com	https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836
	af854a3a-2127-422b-91ae-364da2661108	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=864745d291b5ba80ea0bd0edcbe67273de368836
	af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-0744.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/03/07/2
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1829-1
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=919384
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	3.5.1
linux	linux_kernel	3.5.2
linux	linux_kernel	3.5.3
linux	linux_kernel	3.5.4
linux	linux_kernel	3.5.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F163243-B6A0-4018-9B03-673F36E1741C",
              "versionEndIncluding": "3.5.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "962B0C45-AB29-4383-AC16-C6E8245D0FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0EE126B-74B2-4F79-BFE1-3DC169F3F9B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "392075E0-A9C7-4B4A-90F9-7F1ADFF5EFA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECC66968-06F0-4874-A95A-A292C36E45C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE986E6-1068-4E1B-8EAB-DF1EAF32B4E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n xfrm_state_netlink en net/xfrm/xfrm_user.c en el kernel de Linux anterior a v3.5.7 no controla correctamente las condiciones de error en las llamadas a funciones dump_one_state, permitiendo a usuarios locales obtener privilegios o causar una denegaci\u00f3n de servicio (referencia a puntero NULL y ca\u00edda del sistema ) mediante el aprovechamiento de la capacidad CAP_NET_ADMIN."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n\u0027CWE-476: NULL Pointer Dereference\u0027",
  "evaluatorImpact": "Per https://bugzilla.redhat.com/show_bug.cgi?id=919384\r\n\"This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.  Future kernel updates for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6 may address this issue.\"",
  "id": "CVE-2013-1826",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-03-22T11:59:11.607",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=864745d291b5ba80ea0bd0edcbe67273de368836"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/03/07/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1829-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919384"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=864745d291b5ba80ea0bd0edcbe67273de368836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/03/07/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1829-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-1826 (GCVE-0-2013-1826)

CERTA-2013-AVI-259

Solution

CERTA-2013-AVI-269

Solution

GSD-2013-1826

GHSA-PF2C-9979-GM9F

FKIE_CVE-2013-1826

Tags

Sightings

Nomenclature