ID:4450 - Exploit for Input validation error in Linux kernel - CVE-2013-1828

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:4450 - Exploit for Input validation error in Linux kernel - CVE-2013-1828

ID:4450 - Exploit for Input validation error in Linux kernel - CVE-2013-1828

Published: August 11, 2020


Vulnerability identifier: #VU42968
Vulnerability risk: High
CVE-ID: CVE-2013-1828
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
Linux kernel

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call.


Remediation

Install update from vendor's website.