-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2013-0027 Title: Linux kernel Local Privilege Escalation Vulnerability [1] Version history: 27.03.2013 Initial publication Summary ======= Linux kernel is prone to a local privilege-escalation vulnerability because it fails to adequately bounds-check user-supplied input. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue may result in the complete compromise of the affected computers. CVE-2013-1763 Vulnerable systems ================== Linux kernel version 3.3 through version 3.5 are vulnerable; other versions may also be affected Original Details ================ It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. Attackers can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete compromise of affected computers. Failed exploit attempts will likely crash the kernel, denying service to legitimate users. What can you do? ================ Fix is available from different vendors What to tell your users? ======================== N/A More information ================ [1] http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1763.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJRLk4DAAoJEPpzpNLI8SVo5wwP/0/fPN1W7xR0DwRr4q82YNPP D/kWo0B6Tpyg91GiXzkWsM44MinmW0T9ETY3rZPVkD54BBEGnDfgCEKGkmoSH+S+ GMt3/ztWUbKy2xja8O53Yp9muFj9OqNep3AyHuKqlFkx3R8nDehFDl4QY/DyIntx XI8T0OIrhhQLIWutNoH+P2+voZ22RvVX5LDQ8P/+8cSB/VjXyGXM9HUo/U5bbhSO MdoosPFQE+vp9yfMsW/CxG0H4Wx0p+WMomlCaYPPTC+O963/SbkHo17tH4nUd5Ru 93CJW2G6Z4bfZCpBDJTRYJ+VZjO7qAPKJaRMJYLyDXlUMoTwU/bFVfyWJcS5dC5z bF16hevW4rMjg9IIrwxYfIuBMegQO7oSKEEknQ79PtDScoK6qqTFlHQQGuR1Mrnr vp5P18oam+hzxZEuAmj050+R+g3kSZOXhBq0/KreFVSkulBfXuvXQ3d3LoyUpEbo 7cZZ4tcs++CicZ2fa0s95fpJ1lBSSm+CHQR5NTD0brI5aStcLUeQZEqgZxuZjqmg 7PjG2aIv8ONRp+IxC3n9vnyG1bXm+FSiBdddwTWUhtqtLzx5zN6A+tb6omjcRoiy hdXebeh+5Oyx+sir+10XqN9Aj2frCzIA5TaksynVuFm+Wi/TDEkKuLSAVAeX7oTj UWxo7JwWRt+nGMfsHKHA =eXd5 -----END PGP SIGNATURE-----