CVE-2013-2547
CVE-2013-2547
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.htmlhttps://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6http://www.mandriva.com/security/advisories?name=MDVSA-2013:176http://www.openwall.com/lists/oss-security/2013/03/05/13http://www.ubuntu.com/usn/USN-1793-1http://www.ubuntu.com/usn/USN-1794-1http://www.ubuntu.com/usn/USN-1795-1http://www.ubuntu.com/usn/USN-1796-1http://www.ubuntu.com/usn/USN-1797-1