[VIM] [CVENEW] New CVE CANs: 2013/03/22 06:00 ; count=14

coley at mitre.org
Fri Mar 22 05:05:28 CDT 2013


======================================================
Name: CVE-2013-0914
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0914
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130107
Category: 
Reference: MLIST:[oss-security] 20130311 CVE-2013-0914 Linux kernel sa_restorer information leak
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/11/8
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ca39528c01a933f6689cd6505ce65bd6d68a530
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=920499
Reference: CONFIRM:https://github.com/torvalds/linux/commit/2ca39528c01a933f6689cd6505ce65bd6d68a530

The flush_signal_handlers function in kernel/signal.c in the Linux
kernel before 3.8.4 preserves the value of the sa_restorer field
across an exec operation, which makes it easier for local users to
bypass the ASLR protection mechanism via a crafted application
containing a sigaction system call.



======================================================
Name: CVE-2013-1792
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1792
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[oss-security] 20130307 CVE-2013-1792 Linux kernel: KEYS: race with concurrent install_user_keyrings()
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/07/1
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0da9dfdd2cd9889201bc6f6f43580c99165cd087
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=916646
Reference: CONFIRM:https://github.com/torvalds/linux/commit/0da9dfdd2cd9889201bc6f6f43580c99165cd087

Race condition in the install_user_keyrings function in
security/keys/process_keys.c in the Linux kernel before 3.8.3 allows
local users to cause a denial of service (NULL pointer dereference and
system crash) via crafted keyctl system calls that trigger keyring
operations in simultaneous threads.



======================================================
Name: CVE-2013-1796
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1796
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8]
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/20/9
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c300aa64ddf57d9c5d9c898a64b36877345dd4a9
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=917012
Reference: CONFIRM:https://github.com/torvalds/linux/commit/c300aa64ddf57d9c5d9c898a64b36877345dd4a9

The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux
kernel through 3.8.4 does not ensure a required time_page alignment
during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users
to cause a denial of service (buffer overflow and host OS memory
corruption) or possibly have unspecified other impact via a crafted
application.



======================================================
Name: CVE-2013-1797
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1797
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8]
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/20/9
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0b79459b482e85cb7426aa7da683a9f2c97aeae1
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=917013
Reference: CONFIRM:https://github.com/torvalds/linux/commit/0b79459b482e85cb7426aa7da683a9f2c97aeae1

Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel
through 3.8.4 allows guest OS users to cause a denial of service (host
OS memory corruption) or possibly have unspecified other impact via a
crafted application that triggers use of a guest physical address
(GPA) in (1) movable or (2) removable memory during an
MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.



======================================================
Name: CVE-2013-1798
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1798
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8]
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/20/9
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a2c118bfab8bc6b8bb213abfc35201e441693d55
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=917017
Reference: CONFIRM:https://github.com/torvalds/linux/commit/a2c118bfab8bc6b8bb213abfc35201e441693d55

The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux
kernel through 3.8.4 does not properly handle a certain combination of
invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which
allows guest OS users to obtain sensitive information from host OS
memory or cause a denial of service (host OS OOPS) via a crafted
application.



======================================================
Name: CVE-2013-1826
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1826
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[oss-security] 20130307 Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/07/2
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=864745d291b5ba80ea0bd0edcbe67273de368836
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=919384
Reference: CONFIRM:https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836

The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux
kernel before 3.5.7 does not properly handle error conditions in
dump_one_state function calls, which allows local users to gain
privileges or cause a denial of service (NULL pointer dereference and
system crash) by leveraging the CAP_NET_ADMIN capability.



======================================================
Name: CVE-2013-1827
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1827
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[oss-security] 20130307 Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/07/2
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=276bdb82dedb290511467a5a4fdbe9f0b52dce6f
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=919164
Reference: CONFIRM:https://github.com/torvalds/linux/commit/276bdb82dedb290511467a5a4fdbe9f0b52dce6f

net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to
gain privileges or cause a denial of service (NULL pointer dereference
and system crash) by leveraging the CAP_NET_ADMIN capability for a
certain (1) sender or (2) receiver getsockopt call.



======================================================
Name: CVE-2013-1828
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1828
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[oss-security] 20130307 Re: CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/08/2
Reference: MISC:http://grsecurity.net/~spender/sctp.c
Reference: MISC:http://twitter.com/grsecurity/statuses/309805924749541376
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=726bc6b092da4c093eb74d13c07184b18c1af0f1
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=919315
Reference: CONFIRM:https://github.com/torvalds/linux/commit/726bc6b092da4c093eb74d13c07184b18c1af0f1

The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the
Linux kernel before 3.8.4 does not validate a size value before
proceeding to a copy_from_user operation, which allows local users to
gain privileges via a crafted application that contains an
SCTP_GET_ASSOC_STATS getsockopt system call.



======================================================
Name: CVE-2013-1848
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1848
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[oss-security] 20130320 CVE-2013-1848 -- Linux kernel: ext3: format string issues
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/20/8
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d0c2d10dd72c5292eda7a06231056a4c972e4cc
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=920783
Reference: CONFIRM:https://github.com/torvalds/linux/commit/8d0c2d10dd72c5292eda7a06231056a4c972e4cc

fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect
arguments to functions in certain circumstances related to printk
input, which allows local users to conduct format-string attacks and
possibly gain privileges via a crafted application.



======================================================
Name: CVE-2013-1860
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1860
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[oss-security] 20130314 Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/15/3
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c0f5ecee4e741667b2493c742b60b6218d40b3aa
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=921970
Reference: CONFIRM:https://github.com/torvalds/linux/commit/c0f5ecee4e741667b2493c742b60b6218d40b3aa

Heap-based buffer overflow in the wdm_in_callback function in
drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows
physically proximate attackers to cause a denial of service (system
crash) or possibly execute arbitrary code via a crafted cdc-wdm USB
device.



======================================================
Name: CVE-2013-1873
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1873
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2013-2634,
CVE-2013-2635, CVE-2013-2636.  Reason: This candidate is a duplicate
of CVE-2013-2634, CVE-2013-2635, and CVE-2013-2636.  Notes: All CVE
users should reference one or more of CVE-2013-2634, CVE-2013-2635,
and CVE-2013-2636 instead of this candidate.  All references and
descriptions in this candidate have been removed to prevent accidental
usage.



======================================================
Name: CVE-2013-2634
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2634
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130321
Category: 
Reference: MLIST:[oss-security] 20130320 Re: Linux kernel: net - three info leaks in rtnl
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/20/1
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=29cd8ae0e1a39e239a3a7b67da1986add1199fc0
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=923652
Reference: CONFIRM:https://github.com/torvalds/linux/commit/29cd8ae0e1a39e239a3a7b67da1986add1199fc0

net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize
certain structures, which allows local users to obtain sensitive
information from kernel stack memory via a crafted application.



======================================================
Name: CVE-2013-2635
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2635
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130321
Category: 
Reference: MLIST:[oss-security] 20130320 Re: Linux kernel: net - three info leaks in rtnl
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/20/1
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=84d73cd3fb142bf1298a8c13fd4ca50fd2432372
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=923652
Reference: CONFIRM:https://github.com/torvalds/linux/commit/84d73cd3fb142bf1298a8c13fd4ca50fd2432372

The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux
kernel before 3.8.4 does not initialize a certain structure member,
which allows local users to obtain sensitive information from kernel
stack memory via a crafted application.



======================================================
Name: CVE-2013-2636
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2636
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130321
Category: 
Reference: MLIST:[oss-security] 20130320 Re: Linux kernel: net - three info leaks in rtnl
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/20/1
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c085c49920b2f900ba716b4ca1c1a55ece9872cc
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=923652
Reference: CONFIRM:https://github.com/torvalds/linux/commit/c085c49920b2f900ba716b4ca1c1a55ece9872cc

net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not
initialize certain structures, which allows local users to obtain
sensitive information from kernel memory via a crafted application.




