Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
analyzing computer vulnerabilities since 1999
  home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability alert CVE-2013-1828

Linux kernel: buffer overflow via SCTP_GET_ASSOC_STATS

Synthesis of the vulnerability

A local attacker can use the SCTP_GET_ASSOC_STATS option on a SCTP socket, in order to trigger a buffer overflow in the kernel, which may lead to code execution.
Impacted products: Fedora, Linux.
Severity: 2/4.
Creation date: 08/03/2013.
Identifiers: BID-58389, CVE-2013-1828, FEDORA-2013-3630, FEDORA-2013-3909, VIGILANCE-VUL-12496.

Description of the vulnerability

The SCTP (Stream Control Transmission Protocol) protocol is used to transfer messages between two nodes, which represent an association.

The SCTP_GET_ASSOC_STATS option of getsockopt() returns statistics on the association to the user. In order to so, the sctp_getsockopt_assoc_stats() function of the net/sctp/socket.c file starts by copying data from user's array to a kernel memory buffer. However, this copy is done on the size of user's array, without being limited to the size of the storage buffer.

A local attacker can therefore use the SCTP_GET_ASSOC_STATS option on a SCTP socket, in order to trigger a buffer overflow in the kernel, which may lead to code execution.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

Delicious Digg Facebook Google bookmarks LinkedIn Mail Reddit StumbleUpon Technorati Twitter 

Computer vulnerabilities tracking service

Vigil@nce provides application vulnerability announces. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The technology watch team tracks security threats targeting the computer system.



















Copyright 1999-2014 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française