CVE-2013-1828
CVE-2013-1828
The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/24747unverifiedexploitdbwww.exploit-db.com/exploits/24747unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=726bc6b092da4c093eb74d13c07184b18c1af0f1http://grsecurity.net/~spender/sctp.chttps://bugzilla.redhat.com/show_bug.cgi?id=919315https://github.com/torvalds/linux/commit/726bc6b092da4c093eb74d13c07184b18c1af0f1http://twitter.com/grsecurity/statuses/309805924749541376http://www.exploit-db.com/exploits/24747http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4http://www.openwall.com/lists/oss-security/2013/03/08/2