CVE-2013-1959

Loading...

General

Score:3.7/10.0
Severity:Low
Category:Access Control Error
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Local
Access Complexity:High
Authentication:None

Relative vulnerabilities

CVE-2013-1979

Published on 03/05/13 - Updated on 01/12/13

Description

kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process.

Category: Access Control Error

CWE-264 (Permissions, Privileges, and Access Control)
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Security Notices

US National Vulnerability DatabaseCVE-2013-1959
Ubuntu USN-1815-1, USN-1815-1

Exploits

Exploit-DBEDB-25450

Relative technologies

VendorProduct
linuxlinux_kernel

Share this vulnerability with:

Twitter Facebook LinkedIn Mail