Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2013-4588 |
CWE-ID | CWE-119 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Amazon Linux AMI (Operating systems & Components / Operating system) |
Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains one low-risk vulnerability.
EUVDB-ID: #VU42352
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-4588
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local authenticated user to execute arbitrary code.
Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function.
Mitigation
Update the affected packages:
i686:
glibc-common-2.17-55.84.amzn1.i686
glibc-debuginfo-2.17-55.84.amzn1.i686
nscd-2.17-55.84.amzn1.i686
glibc-devel-2.17-55.84.amzn1.i686
glibc-debuginfo-common-2.17-55.84.amzn1.i686
glibc-utils-2.17-55.84.amzn1.i686
glibc-static-2.17-55.84.amzn1.i686
glibc-2.17-55.84.amzn1.i686
glibc-headers-2.17-55.84.amzn1.i686
src:
glibc-2.17-55.84.amzn1.src
x86_64:
glibc-static-2.17-55.84.amzn1.x86_64
glibc-headers-2.17-55.84.amzn1.x86_64
glibc-common-2.17-55.84.amzn1.x86_64
glibc-utils-2.17-55.84.amzn1.x86_64
glibc-devel-2.17-55.84.amzn1.x86_64
glibc-2.17-55.84.amzn1.x86_64
glibc-debuginfo-2.17-55.84.amzn1.x86_64
nscd-2.17-55.84.amzn1.x86_64
glibc-debuginfo-common-2.17-55.84.amzn1.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
External links
http://alas.aws.amazon.com/ALAS-2014-355.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.