** Description changed: - Linux kernel built with the IP Virtual Server(CONFIG_IP_VS) support is - vulnerable to a buffer overflow flaw. It could occur while setting or - retrieving socket options via setsockopt(2) or getsockopt(2) calls. - Though a user needs to have CAP_NET_ADMIN privileges to perform these - IP_VS operations. A user/program with CAP_NET_ADMIN privileges could use - this flaw to further escalate their privileges on a system. + Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c + in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow + local users to gain privileges by leveraging the CAP_NET_ADMIN + capability for (1) a getsockopt system call, related to the + do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to + the do_ip_vs_set_ctl function. A user/program with CAP_NET_ADMIN + privileges could use this flaw to further escalate their privileges on a + system. Break-Fix: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 04bcef2a83f40c6db24222b27a52892cba39dffb
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1252424 Title: CVE-2013-4588 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1252424/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
