** Description changed: - An unprivileged user can send a netlink message resulting in an out-of- - bounds access of the sock_diag_handlers[] array which, in turn, allows - userland to take over control while in kernel mode. + Array index error in the __sock_diag_rcv_msg function in + net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local + users to gain privileges via a large family value in a Netlink message.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1132896 Title: CVE-2013-1763 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1132896/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
