Vulnerability-Lookup

CVE-2013-4300 (GCVE-0-2013-4300)

Vulnerability from cvelistv5 – Published: 2013-09-25 10:00 – Updated: 2024-08-06 16:38

Summary

The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

CERTA-2013-AVI-597

Vulnerability from certfr_avis - Published: 2013-10-22 - Updated: 2013-10-22

De multiples vulnérabilités ont été corrigées dans le noyau Linux de Ubuntu. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 12.10
Ubuntu	Ubuntu	Ubuntu 13.04
Ubuntu	Ubuntu	Ubuntu 12.04 LTS

References

Title

Publication Time

FKIE_CVE-2013-4300

Vulnerability from fkie_nvd - Published: 2013-09-25 10:31 - Updated: 2025-04-11 00:51

Severity ?

Summary

The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.

References

URL	Tags
secalert@redhat.com	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d661684cf6820331feae71146c35da83d794467e	Broken Link
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/09/05/3	Exploit, Mailing List, Patch
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1995-1	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1998-1	Third Party Advisory, VDB Entry
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1004736	Exploit, Issue Tracking, Patch
secalert@redhat.com	https://github.com/torvalds/linux/commit/d661684cf6820331feae71146c35da83d794467e	Exploit, Patch
secalert@redhat.com	https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.11.bz2	Patch
af854a3a-2127-422b-91ae-364da2661108	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d661684cf6820331feae71146c35da83d794467e	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/09/05/3	Exploit, Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1995-1	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1998-1	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1004736	Exploit, Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/torvalds/linux/commit/d661684cf6820331feae71146c35da83d794467e	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.11.bz2	Patch

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	3.9
linux	linux_kernel	3.9
linux	linux_kernel	3.9
linux	linux_kernel	3.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E995DC9-9601-451D-827F-FBB0F55E5F32",
              "versionEndExcluding": "3.9",
              "versionStartIncluding": "3.8.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "42633FF9-FB0C-4095-B4A1-8D623A98683B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "08C04619-89A2-4B15-82A2-48BCC662C1F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "5B039196-7159-476C-876A-C61242CC41DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "3A9E0457-53C9-44DD-ACFB-31EE1D1E060E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n scm_check_creds en net/core/scm.c en el kernel de Linux anterior a la versi\u00f3n 3.11 realiza una comprobaci\u00f3n de la capacidad en un espacio de nombres incorrecto, lo que permite a usuarios locales obtener privilegios a trav\u00e9s de PID spoofing."
    }
  ],
  "id": "CVE-2013-4300",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-25T10:31:29.160",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d661684cf6820331feae71146c35da83d794467e"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Mailing List",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/09/05/3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1995-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1998-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1004736"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/torvalds/linux/commit/d661684cf6820331feae71146c35da83d794467e"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.11.bz2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d661684cf6820331feae71146c35da83d794467e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/09/05/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1995-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1998-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1004736"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/torvalds/linux/commit/d661684cf6820331feae71146c35da83d794467e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.11.bz2"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2013-4300

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.

Aliases

CVE-2013-4300

Aliases

CVE-2013-4300

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-4300",
    "description": "The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.",
    "id": "GSD-2013-4300",
    "references": [
      "https://www.suse.com/security/cve/CVE-2013-4300.html",
      "https://linux.oracle.com/cve/CVE-2013-4300.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-4300"
      ],
      "details": "The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.",
      "id": "GSD-2013-4300",
      "modified": "2023-12-13T01:22:16.789083Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2013-4300",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.ubuntu.com/usn/USN-1995-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-1995-1"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-1998-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-1998-1"
          },
          {
            "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d661684cf6820331feae71146c35da83d794467e",
            "refsource": "MISC",
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d661684cf6820331feae71146c35da83d794467e"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2013/09/05/3",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2013/09/05/3"
          },
          {
            "name": "https://github.com/torvalds/linux/commit/d661684cf6820331feae71146c35da83d794467e",
            "refsource": "MISC",
            "url": "https://github.com/torvalds/linux/commit/d661684cf6820331feae71146c35da83d794467e"
          },
          {
            "name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.11.bz2",
            "refsource": "MISC",
            "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.11.bz2"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1004736",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1004736"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.9",
                "versionStartIncluding": "3.8.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4300"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.11.bz2",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.11.bz2"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1004736",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Patch"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1004736"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/d661684cf6820331feae71146c35da83d794467e",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "https://github.com/torvalds/linux/commit/d661684cf6820331feae71146c35da83d794467e"
            },
            {
              "name": "[oss-security] 20130904 Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability",
              "refsource": "MLIST",
              "tags": [
                "Exploit",
                "Mailing List",
                "Patch"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/09/05/3"
            },
            {
              "name": "USN-1998-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1998-1"
            },
            {
              "name": "USN-1995-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1995-1"
            },
            {
              "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d661684cf6820331feae71146c35da83d794467e",
              "refsource": "MISC",
              "tags": [
                "Broken Link"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d661684cf6820331feae71146c35da83d794467e"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-11-15T02:51Z",
      "publishedDate": "2013-09-25T10:31Z"
    }
  }
}

GHSA-29CH-F7XH-HRH2

Vulnerability from github – Published: 2022-05-17 04:58 – Updated: 2022-05-17 04:58

Details

The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-4300"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-09-25T10:31:00Z",
    "severity": "HIGH"
  },
  "details": "The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.",
  "id": "GHSA-29ch-f7xh-hrh2",
  "modified": "2022-05-17T04:58:58Z",
  "published": "2022-05-17T04:58:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4300"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/d661684cf6820331feae71146c35da83d794467e"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1004736"
    },
    {
      "type": "WEB",
      "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.11.bz2"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d661684cf6820331feae71146c35da83d794467e"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d661684cf6820331feae71146c35da83d794467e"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/09/05/3"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1995-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1998-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-4300 (GCVE-0-2013-4300)

CERTA-2013-AVI-597

Solution

FKIE_CVE-2013-4300

GSD-2013-4300

GHSA-29CH-F7XH-HRH2

Tags

Sightings

Nomenclature