Main Vulnerability Database SB2013111203

SB2013111203 - Security restrictions bypass in Linux Kernel

Published: November 12, 2013

Security Bulletin ID SB2013111203

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security restrictions bypass (CVE-ID: CVE-2013-2929)

The vulnerability allows a local unauthenticated attacker to obtain potentially sensitive information and bypass security restrictions on the target system.

The weakness exists due to improper use of the get_dumpable function. A local attacker can gain access to potentially sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h, or bypass intended ptrace restrictions.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d049f74f2dbe71354d43d3...