vulnerability alert CVE-2013-1828
Linux kernel: buffer overflow via SCTP_GET_ASSOC_STATS
Synthesis of the vulnerability
A local attacker can use the SCTP_GET_ASSOC_STATS option on an SCTP socket to trigger a buffer overflow in the kernel, which may lead to code execution.
Impacted products: Fedora
BID-58389, CVE-2013-1828, FEDORA-2013-3630, FEDORA-2013-3909, VIGILANCE-VUL-12496.
Description of the vulnerability
The Stream Control Transmission Protocol (SCTP) is used to transfer messages between two nodes, which form an association.
The SCTP_GET_ASSOC_STATS option of getsockopt() returns statistics on the association to the user. In order to do so, the sctp_getsockopt_assoc_stats() function of the net/sctp/socket.c file starts by copying data from the user's array to a kernel memory buffer. However, the length of this copy is the size of the user's array, and it is not limited to the size of the storage buffer.
A local attacker can therefore use the SCTP_GET_ASSOC_STATS option on an SCTP socket to trigger a buffer overflow in the kernel, which may lead to code execution.
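The unbounded copy described above, modelled in user space beside its length-clamped form. This is an added example, not kernel code and not part of the bulletin; the struct layout, function names, error codes and minimum-length check are assumptions, and the copy helper reports an overflow instead of performing one.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the kernel's storage buffer; not the real layout. */
struct stats_buf { int32_t assoc_id; uint64_t counters[8]; };

enum { OK = 0, ERR_INVAL = -1, ERR_OVERFLOW = -2 };

/* Models the user-to-kernel copy. Where the kernel would write past the
 * destination, this model refuses and reports ERR_OVERFLOW instead. */
static int model_copy(void *dst, size_t cap, const void *src, size_t len)
{
    if (len > cap)
        return ERR_OVERFLOW;
    memcpy(dst, src, len);
    return OK;
}

/* Flawed pattern from the bulletin: the copy length is the caller's length.
 * The minimum-length check is an assumption of this model. */
int get_stats_unclamped(const void *optval, size_t len, int32_t *id_out)
{
    struct stats_buf sas = {0};
    if (len < sizeof(sas.assoc_id))
        return ERR_INVAL;
    int rc = model_copy(&sas, sizeof(sas), optval, len);
    if (rc == OK)
        *id_out = sas.assoc_id;
    return rc;
}

/* Hardened pattern: clamp the length to the storage buffer, then proceed. */
int get_stats_clamped(const void *optval, size_t len, int32_t *id_out)
{
    if (len > sizeof(struct stats_buf))
        len = sizeof(struct stats_buf);
    return get_stats_unclamped(optval, len, id_out);
}

int main(void)
{
    unsigned char user[sizeof(struct stats_buf) + 64] = {0}; /* constructed oversized input */
    int32_t id = 0;
    int bad = get_stats_unclamped(user, sizeof(user), &id);
    int good = get_stats_clamped(user, sizeof(user), &id);
    return (bad == ERR_OVERFLOW && good == OK) ? 0 : 1;
}
```

Clamping rather than rejecting an oversized length keeps the call usable by callers that pass a larger array, while the copy never exceeds the storage buffer.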