Vulnerability Details : CVE-2013-6381
Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size.
Vulnerability category: Overflow, Denial of service
Threat overview for CVE-2013-6381
Top open port discovered on systems with this issue: 49152
IPs affected by CVE-2013-6381: 158,553
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2013-6381
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~6%
CVSS scores for CVE-2013-6381
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C | 3.4 | 10.0 | NIST |
CWE ids for CVE-2013-6381
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6381
- http://rhn.redhat.com/errata/RHSA-2014-0159.html
  RHSA-2014:0159 - Security Advisory - Red Hat Customer Portal (Third Party Advisory; VDB Entry)
- https://bugzilla.redhat.com/show_bug.cgi?id=1033600
  1033600 – (CVE-2013-6381) CVE-2013-6381 Kernel: qeth: buffer overflow in snmp ioctl (Issue Tracking)
- http://www.securityfocus.com/bid/63890
  Linux Kernel 'qeth_core_main.c' File Local Buffer Overflow Vulnerability (Third Party Advisory; VDB Entry)
- http://rhn.redhat.com/errata/RHSA-2014-0284.html
  RHSA-2014:0284 - Security Advisory - Red Hat Customer Portal (Third Party Advisory; VDB Entry)
- http://www.openwall.com/lists/oss-security/2013/11/22/5
  oss-security - Linux kernel CVE fixes (Mailing List)
- http://rhn.redhat.com/errata/RHSA-2014-0285.html
  RHSA-2014:0285 - Security Advisory - Red Hat Customer Portal (Third Party Advisory; VDB Entry)
- https://github.com/torvalds/linux/commit/6fb392b1a63ae36c31f62bc3fc8630b49d602b62
  qeth: avoid buffer overflow in snmp ioctl · torvalds/linux@6fb392b · GitHub (Exploit; Patch)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fb392b1a63ae36c31f62bc3fc8630b49d602b62
  (Broken Link)
Products affected by CVE-2013-6381
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*