Linux Kernel 3.2.53/3.4.72/3.10.22/3.12.3 recvmsg net/ipx/af_ipx.c ipx_recvmsg CONFIG_NET uninitialized resource
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.8 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as problematic has been discovered in Linux Kernel 3.2.53/3.4.72/3.10.22/3.12.3. This affects the function ipx_recvmsg of the file net/ipx/af_ipx.c of the component recvmsg Handler. The manipulation of the argument CONFIG_NET results in uninitialized resource.
This vulnerability is reported as CVE-2013-6463. No exploit exists.
It is advisable to upgrade the affected component.
Details
A vulnerability, which was classified as problematic, was found in Linux Kernel 3.2.53/3.4.72/3.10.22/3.12.3 (Operating System). Affected is the function ipx_recvmsg of the file net/ipx/af_ipx.c of the component recvmsg Handler. The manipulation of the argument CONFIG_NET with an unknown input leads to a uninitialized resource vulnerability. CWE is classifying the issue as CWE-908. The product uses or accesses a resource that has not been initialized. This is going to have an impact on confidentiality. CVE summarizes:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, CVE-2013-7271. Reason: This candidate is a duplicate of CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, and CVE-2013-7271. Notes: All CVE users should reference CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, and/or CVE-2013-7271 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
The bug was discovered 11/21/2013. The weakness was disclosed 11/21/2013 by Hannes Frederic Sowa as net: rework recvmsg handler msg_name and msg_namelen logic as confirmed git commit (GIT Repository). The advisory is shared for download at git.kernel.org. This vulnerability is traded as CVE-2013-6463 since 11/04/2013. The exploitability is told to be easy. The attack needs to be approached locally. The exploitation doesn't require any form of authentication. There are known technical details, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 83608 (SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2014:0140-1)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family SuSE Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 167280 (OpenSuSE Security Update for kernel (openSUSE-SU-2014:1246-1)).
Upgrading to version 3.2.54, 3.4.73, 3.10.23 or 3.12.4 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (83608), SecurityFocus (BID 62740†), OSVDB (101656†) and Secunia (SA55882†). The entries VDB-10574, VDB-11365, VDB-11755 and VDB-11756 are pretty similar. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.0VulDB Meta Temp Score: 3.8
VulDB Base Score: 4.0
VulDB Temp Score: 3.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Uninitialized resourceCWE: CWE-908
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 83608
Nessus Name: SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2014:0140-1)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Kernel 3.2.54/3.4.73/3.10.23/3.12.4
Patch: git.kernel.org
Timeline
11/04/2013 🔍11/21/2013 🔍
11/21/2013 🔍
11/21/2013 🔍
11/21/2013 🔍
01/06/2014 🔍
01/06/2014 🔍
01/06/2014 🔍
05/20/2015 🔍
03/29/2019 🔍
Sources
Vendor: kernel.orgAdvisory: net: rework recvmsg handler msg_name and msg_namelen logic
Researcher: Hannes Frederic Sowa
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2013-6463 (🔍)
GCVE (CVE): GCVE-0-2013-6463
GCVE (VulDB): GCVE-100-11712
OVAL: 🔍
SecurityFocus: 62740
Secunia: 55882 - Linux Kernel "recvmsg()" and "recvfrom()" Information Disclosure Weakn, Not Critical
OSVDB: 101656
See also: 🔍
Entry
Created: 01/06/2014 09:58Updated: 03/29/2019 15:46
Changes: 01/06/2014 09:58 (72), 03/29/2019 15:46 (2)
Complete: 🔍
Committer: olku
Cache ID: 216:C71:103
No comments yet. Languages: en.
Please log in to comment.