Vulnerability Details : CVE-2013-1763
Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.
Vulnerability category: Input validation
Threat overview for CVE-2013-1763
Top countries where our scanners detected CVE-2013-1763
Top open port discovered on systems with this issue
49152
IPs affected by CVE-2013-1763 156,974
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2013-1763!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2013-1763
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 24 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-1763
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2013-1763
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1763
-
http://www.exploit-db.com/exploits/24555
Linux Kernel 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Local Privilege Escalation (1) - Linux_x86-64 local ExploitThird Party Advisory;VDB Entry
-
https://github.com/torvalds/linux/commit/6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0
sock_diag: Fix out-of-bounds access to sock_diag_handlers[] · torvalds/linux@6e601a5 · GitHubPatch
-
https://bugzilla.redhat.com/show_bug.cgi?id=915052
915052 – (CVE-2013-1763) CVE-2013-1763 kernel: sock_diag: out-of-bounds access to sock_diag_handlers[]Issue Tracking
-
http://www.ubuntu.com/usn/USN-1750-1
USN-1750-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html
[security-announce] openSUSE-SU-2013:0395-1: important: kernel: fixed loThird Party Advisory;VDB Entry
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0
Broken Link
-
http://www.exploit-db.com/exploits/33336
Linux Kernel 3.3 < 3.8 (Ubuntu / Fedora 18) - 'sock_diag_handlers()' Local Privilege Escalation (3) - Linux local ExploitThird Party Advisory;VDB Entry
-
http://www.ubuntu.com/usn/USN-1749-1
USN-1749-1: Linux kernel (Quantal HWE) vulnerability | Ubuntu security noticesThird Party Advisory
-
http://www.ubuntu.com/usn/USN-1751-1
USN-1751-1: Linux kernel (OMAP4) vulnerability | Ubuntu security noticesThird Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
mandriva.comBroken Link
-
http://openwall.com/lists/oss-security/2013/02/25/12
oss-security - Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]Mailing List
-
http://www.exploit-db.com/exploits/24746
Linux Kernel 3.7.10 (Ubuntu 12.10 x64) - 'sock_diag_handlers' Local Privilege Escalation (2) - Linux_x86-64 local ExploitThird Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2013/02/24/3
oss-security - Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]Mailing List
-
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10
Broken Link
Products affected by CVE-2013-1763
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*