Vulnerability Details : CVE-2013-4300
The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.
Threat overview for CVE-2013-4300
Top countries where our scanners detected CVE-2013-4300
Top open port discovered on systems with this issue
49152
IPs affected by CVE-2013-4300 158,072
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2013-4300!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2013-4300
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-4300
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2013-4300
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4300
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d661684cf6820331feae71146c35da83d794467e
Broken Link
-
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.11.bz2
Patch
-
https://github.com/torvalds/linux/commit/d661684cf6820331feae71146c35da83d794467e
net: Check the correct namespace when spoofing pid over SCM_RIGHTS · torvalds/linux@d661684 · GitHubExploit;Patch
-
http://www.openwall.com/lists/oss-security/2013/09/05/3
oss-security - Re: CVE request: Kernel PID Spoofing Privilege Escalation VulnerabilityExploit;Mailing List;Patch
-
https://bugzilla.redhat.com/show_bug.cgi?id=1004736
1004736 – (CVE-2013-4300) CVE-2013-4300 Kernel: net: PID spoofing privilege escalation flawExploit;Issue Tracking;Patch
-
http://www.ubuntu.com/usn/USN-1998-1
USN-1998-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory;VDB Entry
-
http://www.ubuntu.com/usn/USN-1995-1
USN-1995-1: Linux kernel (Raring HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory;VDB Entry
Products affected by CVE-2013-4300
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*