The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application.
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
HP Insight Diagnostics 7.5.0.1679 Online Edition for Windows 2003 x64
HP Insight Diagnostics 7.5.0-14 Online Edition for Linux
HP Insight Diagnostics 7.5.0.1679 Online Edition for Windows 2000
HP Insight Diagnostics 7.0.0.1198 Online Edition for Windows 2000
HP Insight Management Agents 7.40.1.0
HP Ignite-UX C.7.7.93
HP Ignite-UX B.5.1
HP Ignite-UX C.6.6
HP Insight Diagnostics 7.5.0.1679 Online Edition for Windows 2003
HP Insight Diagnostics 7.5.4 Offline Edition
HP Insight Management Agent 8.26.0.0
HP Insight Control Performance Management 5.2
HP Insight Diagnostics 7.6.0.1984 Online Edition for Windows 2000
HP Insight Diagnostics 6.3.0-15 Online Edition for Linux
HP Insight Diagnostics Online Edition For Windows 8.1.1
HP Insight Diagnostics 6.2.1 (A) Offline Edition
HP Insight Diagnostics 6.3.1.887 Offline Edition
HP Insight Diagnostics Online Edition For Windows 7.8.0
HP Insight Diagnostics 6.0.0 (A) Offline Edition
HP Insight Management Agent 7.90.0.0
HP Insight Management Agent 8.30.0.0
HP Insight Management Agent 7.70.0.0
HP Insight Control Performance Management 6.3
HP Insight Management Agent 8.60.0.0
HP Insight Management Agents 7.30.0.0
HP Insight Management Agent 7.80.0.0
HP Imaging Device Functions 10.0
HP iNode Management Center PC 5.1 E0304
HP Ignite-UX C.7.11.439
IMC Branch Intelligent Management System Software Module 5.0
HP Insight Diagnostics 7.3.0 Offline Edition
HP iNode Management Center PC 5.1
HP Insight Diagnostics 7.9.0.2359 Online Edition for Windows Server 2003 x64
HP Insight Diagnostics 7.9.1.2401 Online Edition for Windows Server 2003
HP Insight Diagnostics 7.9.1-15 Online Edition for Linux
HP Insight Diagnostics 9.4.0.4710
HP Insight Diagnostics 7.9.1.2401 Online Edition for Windows Server 2003 x64
HP Insight Diagnostics 7.9.0 Rev. A Offline Edition
HP Insight Diagnostics Online Edition For Windows 7.4.0
Linux Linux kernel 3.10.7 (not an official CPE)
Linux Linux kernel 3.10.4 (not an official CPE)
Linux Linux kernel 3.10.5 (not an official CPE)
HP Insight Diagnostics 7.6.0 Offline Edition
HP Insight Diagnostics 7.6.0-23 Online Edition for Linux
Linux Linux kernel 3.10.8 (not an official CPE)
Linux Linux kernel 3.10.9 (not an official CPE)
Linux Linux kernel 3.10.6 (not an official CPE)
HP Insight Management Wbem Providers For Windows Server 2003/2008 2.5.0.0
HP Insight Management Wbem Providers For Windows Server 2003/2008 2.4.0.0
HP Insight Management Wbem Providers For Windows Server 2003/2008 2.5.0.0 (x64) 64-bit
HP Insight Management Wbem Providers For Windows Server 2003/2008 2.3.0.0
HP Insight Management Wbem Providers For Windows Server 2003/2008 2.4.0.0 (x64) 64-bit
HP Insight Management Wbem Providers For Windows Server 2003/2008 2.2.1.0
HP Insight Diagnostics 7.5.5.1681 Online Edition for Windows Server 2003
HP Insight Management Wbem Providers For Windows Server 2003/2008 2.3.0.0 (x64) 64-bit
HP Insight Management Wbem Providers 2.5.0.0
HP Insight Management Wbem Providers For Windows Server 2003/2008 2.2.1.0 (x64) 64-bit
HP Insight Management Wbem Providers 2.6.0.0
HP Insight Diagnostics 7.5.2 Offline Edition
HP Insight Management Agents 7.90.0.0
HP Insight Management Agents 7.51.0.0
HP Insight Management Agents 6.30.0.0
HP Insight Management Agents 7.80.0.0
HP Insight Management Agent 8.70.0.0
HP Insight Management Agents 7.70.0.0
HP Insight Management Agents 6.40.0.0
HP Insight Management Agents 7.91.0.0
HP Insight Management Agents 6.31.0.0 (B)
HP Insight Management Agents 7.10.0.0
HP Insight Management Agents 7.50.0.0
HP Insight Control Performance Management 5.0
HP Insight Management Agents 7.0.0.0
HP Insight Management Agents 7.41.0.0
HP Insight Management Agents 7.60.0.0
HP Insight Management Agents 7.20.0.0
HP Insight Diagnostics Online Edition For Windows 7.6.0
HP Insight Diagnostics Online Edition For Windows 8.1.5
HP Insight Diagnostics 7.7.101 (2097) Offline Edition
HP Insight Management Wbem Providers 2.8.0.0
HP Insight Management Wbem Providers 2.7.0.0
HP iNode Management Center PC 5.0
IMC Branch Intelligent Management System Software Module 5.1
IMC Branch Intelligent Management System Software Module 7.0
IMC Branch Intelligent Management System Software Module 5.2
HP iMC Service Operation Management Software module
IMC Branch Intelligent Management System Software Module 7.0 E0201P02
HP Inkjet 2250 TN
HP Info Center
HP iNode Management Center PC 5.0 E0101
HP Insight Diagnostics 6.3.0.878 Online Edition for Windows 2003
HP Insight Diagnostics 6.3.0.878 Online Edition for Windows 2000
HP Insight Diagnostics Online Edition For Windows 8.4.0
HP Insight Management Agent 8.15.0.0
HP Insight Diagnostics Online Edition For Windows 8.6.0
HP Insight Diagnostics Online Edition For Windows 8.2.5
HP Insight Management Agent 8.11.0.0
HP Insight Diagnostics Online Edition For Windows 8.5.0
HP Insight Management Agent 8.20.0.0
HP Insight Management Agent 8.0.0.0
HP Insight Diagnostics Online Edition For Windows 8.7.0
HP Image Zone 4.7
HP Ignite-UX C.7.9.260
HP Ignite-UX C.7.9.261
HP Ignite-UX C.7.8
HP Ignite-UX C.7.9.254
HP Ignite-UX C.7.7.98
HP Imaging Barcode Scanner BW868AA
HP Image Zone 5.3
HP Image Zone 4.5
HP Image Zone Express 1.5.1.29
HP Imaging Device Functions 6.0
Linux Linux kernel 3.10.15 (not an official CPE)
HP Insight Diagnostics 7.0.2 (A) Offline Edition
HP Imaging Device Functions 13.0
Linux Linux kernel 3.10.18 (not an official CPE)
HP Imaging Device Functions 8.0
Linux Linux kernel 3.10.13 (not an official CPE)
HP Imaging Device Functions 5.3
Linux Linux kernel 3.10.16 (not an official CPE)
HP Imaging Device Functions 12.0
Linux Linux kernel 3.10.11 (not an official CPE)
HP Insight Diagnostics 7.0.1.1219 Online Edition for Windows Server 2003
Linux Linux kernel 3.10.14 (not an official CPE)
HP Imaging Device Functions 14.0
HP Imaging Device Functions 11.6
Linux Linux kernel 3.10.12 (not an official CPE)
Linux Linux kernel 3.10.10 (not an official CPE)
Linux Linux kernel 3.11.4 (not an official CPE)
Linux Linux kernel 3.11.3 (not an official CPE)
HP Insight Diagnostics 7.0.1.1219 Online Edition for Windows 2000
HP Insight Diagnostics 7.0.1-8 Online Edition for Linux
HP Imaging Device Functions 7.0
IMC Branch Intelligent Management System Software Module
HP Imaging Device Functions 9.0
Linux Linux kernel 3.10.17 (not an official CPE)
HP Ignite-UX C.6.7
HP Insight Diagnostics 7.4.0.1570 Online Edition for Windows Server 2003
HP Insight Diagnostics 7.4.1 Offline Edition
HP Insight Diagnostics 6.3.1-1 Online Edition for Linux
HP Ignite-UX C.7.0
HP Ignite-UX C.6.8
HP Ignite-UX C.6.9.141
HP Insight Management Agent 8.40.0.0
HP Insight Management Agent 8.50.0.0
Linux Linux kernel 3.11.2 (not an official CPE)
Linux Linux kernel 3.11.1 (not an official CPE)
HP Ignite-UX C.7.0.212
HP Insight Diagnostics 7.4.0-11 Online Edition for Linux
HP Ignite-UX C.7.10.472
HP Ignite-UX C.6.9.150
HP Insight Diagnostics 7.4.0
HP Ignite-UX C.7.1
HP Insight Diagnostics 7.4.0.1570 Online Edition for Windows 2000
HP Ignite-UX C.6.4
HP Ignite-UX C.7.1.92
HP Insight Diagnostics 7.4.0.1570 Online Edition for Windows 2003 x64
HP Ignite-UX C.6.5
HP Ignite-UX C.7.2
HP Insight Control Server Deployment
HP Ignite-UX C.7.3.144
HP Ignite-UX C.7.11.444
HP Ignite-UX C.7.4.155
HP Ignite-UX C.7.2.93
HP Insight Management Agents 9.0.0.0
HP Insight Management Suite
HP Insight Management Agents 8.70.0.0
HP Insight Management Agents 8.70.0.0 (B)
HP Insight Diagnostics 7.7.0-142 Online Edition for Linux
HP Ignite-UX C.7.3.148
HP Insight Control Performance Management 6.1
HP Insight Diagnostics 7.6.1 Offline Edition
HP Insight Diagnostics 7.5.5-1 Online Edition for Linux
HP Ignite-UX C.7.5
HP Insight Control Performance Management 6.2
HP Insight Diagnostics 6.4.1 (A) Offline Edition
HP Insight Diagnostics 7.6.2 Rev. A Offline Edition
HP Insight Diagnostics 7.5.5.1681 Online Edition for Windows 2000
HP Ignite-UX C.7.4.157
HP Insight Control Performance Management 5.2.2
HP Insight Diagnostics 6.5.0 (A) Offline Edition
HP Insight Diagnostics 7.7.0 Rev. B Offline Edition
HP Ignite-UX C.7.6.98
HP Ignite-UX B.4.1
HP Insight Control Performance Management 6.0
HP Ignite-UX C.7.6.100
HP Insight Management Wbem Providers 2.4.0.0
HP Ignite-UX C.7.10.474
HP Insight Management Wbem Providers 2.2.1.0
HP Insight Diagnostics 7.7.0 Offline Edition
HP Insight Management Wbem Providers 2.3.0.0
HP Insight Diagnostics 7.7.0.2112 Online Edition for Windows Server 2003
HP Ignite-UX B.4.0
HP Ignite-UX B.5.0
HP Insight Diagnostics 7.5.5.1681 Online Edition for Windows 2003 x64
HP Ignite-UX B.4.2
HP Insight Management Agents 7.40.0.0
HP Insight Diagnostics 7.0.0-30 Online Edition for Linux
HP Ignite-UX B.3.8
HP Ignite-UX B.4.4
HP Insight Management Agents 7.95.0.0
HP Ignite-UX B.4.3
HP Ignite-UX B.5.3
HP Ignite-UX B.5.2
HP Ignite-UX C.6.1
HP Ignite-UX C.6.2.241
Linux Linux kernel 3.11 (not an official CPE)
HP Ignite-UX C.6.2
HP Ignite-UX B.5.4
HP Ignite-UX C.6.3
HP Ignite-UX C.6.10
HP Insight Diagnostics 7.6.0.1984 Online Edition for Windows Server 2003
HP Insight Diagnostics 7.6.0.1984 Online Edition for Windows 2003 x64
HP Insight Management Agents 8.50.0.0
HP Insight Management Agents 8.30.0.0
HP Insight Management Agents 8.40.0.0
HP Insight Management Agents 8.22.0.0
HP Insight Management Agents 8.15.0.0
HP Insight Management Agents 8.1.0.0
HP Insight Management Agents 8.60.0.0
HP Insight Management Agents 8.10.0.0
HP Insight Management Agents 8.5
HP Insight Management Agents 8.11.0.0
HP Insight Diagnostics 7.9.0.2359 Online Edition for Windows Server 2003
HP Insight Management Agents 8.26.0.0
HP Insight Diagnostics 7.9.0 Offline Edition
HP Insight Management Agents 8.0.0.0
HP Insight Management Agents 8.20.0.0
HP Insight Diagnostics 7.9.0-105 Online Edition for Linux
HP Insight Diagnostics 7.8.0.2257 Online Edition for Windows Server 2003 x64
HP Insight Diagnostics 7.9.0
HP Insight Diagnostics 7.8.0.2257 Online Edition for Windows Server 2003
HP Insight Diagnostics 7.8.0-159 Online Edition for Linux
HP Insight Diagnostics Online Edition For Windows 8.0.0
Weakness: Improper Input Validation (CWE-ID 20)
Related CAPEC entries: 58
Buffer Overflow via Environment Variables (CAPEC-ID 10)
Server Side Include (SSI) Injection (CAPEC-ID 101)
Cross Zone Scripting (CAPEC-ID 104)
Cross Site Scripting through Log Files (CAPEC-ID 106)
Command Line Execution through SQL Injection (CAPEC-ID 108)
Object Relational Mapping Injection (CAPEC-ID 109)
SQL Injection through SOAP Parameter Tampering (CAPEC-ID 110)
Subverting Environment Variable Values (CAPEC-ID 13)
Format String Injection (CAPEC-ID 135)
LDAP Injection (CAPEC-ID 136)
Relative Path Traversal (CAPEC-ID 139)
Client-side Injection-induced Buffer Overflow (CAPEC-ID 14)
Variable Manipulation (CAPEC-ID 171)
Embedding Scripts in Non-Script Elements (CAPEC-ID 18)
Flash Injection (CAPEC-ID 182)
Cross-Site Scripting Using Alternate Syntax (CAPEC-ID 199)
Exploiting Trust in Client (aka Make the Client Invisible) (CAPEC-ID 22)
XML Nested Payloads (CAPEC-ID 230)
XML Oversized Payloads (CAPEC-ID 231)
Filter Failure through Buffer Overflow (CAPEC-ID 24)
Cross-Site Scripting via Encoded URI Schemes (CAPEC-ID 244)
XML Injection (CAPEC-ID 250)
Environment Variable Manipulation (CAPEC-ID 264)
Global variable manipulation (CAPEC-ID 265)
Leverage Alternate Encoding (CAPEC-ID 267)
Fuzzing (CAPEC-ID 28)
Using Leading 'Ghost' Character Sequences to Bypass Input Filters (CAPEC-ID 3)
Accessing/Intercepting/Modifying HTTP Cookies (CAPEC-ID 31)
Embedding Scripts in HTTP Query Strings (CAPEC-ID 32)
MIME Conversion (CAPEC-ID 42)
Exploiting Multiple Input Interpretation Layers (CAPEC-ID 43)
Buffer Overflow via Symbolic Links (CAPEC-ID 45)
Overflow Variables and Tags (CAPEC-ID 46)
Buffer Overflow via Parameter Expansion (CAPEC-ID 47)
Signature Spoof (CAPEC-ID 473)
XML Client-Side Attack (CAPEC-ID 484)
Embedding NULL Bytes (CAPEC-ID 52)
Postfix, Null Terminate, and Backslash (CAPEC-ID 53)
Simple Script Injection (CAPEC-ID 63)
Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64)
SQL Injection (CAPEC-ID 66)
String Format Overflow in syslog() (CAPEC-ID 67)
Blind SQL Injection (CAPEC-ID 7)
Using Unicode Encoding to Bypass Validation Logic (CAPEC-ID 71)
URL Encoding (CAPEC-ID 72)
User-Controlled Filename (CAPEC-ID 73)
Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78)
Using Slashes in Alternate Encoding (CAPEC-ID 79)
Buffer Overflow in an API Call (CAPEC-ID 8)
Using UTF-8 Encoding to Bypass Validation Logic (CAPEC-ID 80)
Web Logs Tampering (CAPEC-ID 81)
XPath Injection (CAPEC-ID 83)
AJAX Fingerprinting (CAPEC-ID 85)
Embedding Script (XSS) in HTTP Headers (CAPEC-ID 86)
OS Command Injection (CAPEC-ID 88)
Buffer Overflow in Local Command-Line Utilities (CAPEC-ID 9)
XSS in IMG Tags (CAPEC-ID 91)
XML Parser Attack (CAPEC-ID 99)