Linux kernel __sock_diag_rcv_msg Netlink message privilege elevation

Added: 05/13/2014
CVE: CVE-2013-1763
BID: 58137
OSVDB: 90604

Background

Netlink is a feature of the Linux kernel that allows communication between the kernel and user space.

Problem

An array index error in the __sock_diag_rcv_msg function in the Linux kernel allows local users to gain root privileges by sending a Netlink message with a large family value.
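
An added illustration, not code from the kernel or from this advisory: a user-space C model of this bug class, in which a handler table is indexed by a request's family value, first unchecked and then with a range check. All names, the table size and the one-byte family field are assumptions made for the model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model, not kernel source: every name and size is hypothetical. */
#define MODEL_AF_MAX 40   /* number of slots in the handler table (constructed) */

struct model_handler { const char *name; };
static const struct model_handler inet_handler = { "inet" };

/* One slot per address family; unregistered families stay NULL. */
static const struct model_handler *model_handlers[MODEL_AF_MAX] = {
    [2] = &inet_handler,   /* slot 2 is a constructed sample registration */
};

/* Request header as received from user space: the sender controls family. */
struct model_req { uint8_t family; };

/* "Before": the family indexes the table with no range check, so any value
 * >= MODEL_AF_MAX reads a pointer from memory past the end of the array. */
static const struct model_handler *lookup_unchecked(const struct model_req *req)
{
    return model_handlers[req->family];
}

/* "After": out-of-range families are rejected before the table is touched. */
static int lookup_checked(const struct model_req *req,
                          const struct model_handler **out)
{
    *out = NULL;
    if (req->family >= MODEL_AF_MAX)
        return -EINVAL;            /* index would fall outside the table */
    if (model_handlers[req->family] == NULL)
        return -ENOENT;            /* in range, but nothing registered */
    *out = model_handlers[req->family];
    return 0;
}

int main(void)
{
    const struct model_handler *h;
    struct model_req ok = { 2 }, empty = { 3 }, big = { 200 };
    int all_ok = lookup_unchecked(&ok) == &inet_handler   /* in-range only */
              && lookup_checked(&ok, &h) == 0
              && lookup_checked(&empty, &h) == -ENOENT
              && lookup_checked(&big, &h) == -EINVAL;
    return all_ok ? 0 : 1;
}
```

The unchecked lookup is only ever called here with an in-range family; the checked form is what turns the large value into an error return instead of an out-of-bounds read.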

Resolution

Upgrade to Linux kernel 3.7.10 or higher, or install the appropriate package update from the operating system vendor.

References

http://seclists.org/oss-sec/2013/q1/420
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10

Limitations

The exploit works on Ubuntu or Fedora and requires an existing unprivileged shell connection to the target.

Platforms

Linux
