Candidate: CVE-2013-1958 PublicDate: 2013-04-24 19:55:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1958 http://www.openwall.com/lists/oss-security/2013/04/16 Description: The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval during which a user namespace has been created but a PID namespace has not been created. Ubuntu-Description: Notes: Bugs: Priority: medium Discovered-by: Andy Lutomirski Assigned-to: CVSS: Patches_linux: break-fix: 49f4d8b93ccf9454284b6f524b96c66d8d7fbccc 92f28d973cce45ef5823209aab3138eb45d8b349 upstream_linux: released (3.9~rc5) hardy_linux: not-affected lucid_linux: not-affected oneiric_linux: not-affected precise_linux: not-affected quantal_linux: not-affected devel_linux: not-affected (3.8.0-17.27) Patches_linux-ec2: upstream_linux-ec2: released (3.9~rc5) hardy_linux-ec2: DNE lucid_linux-ec2: not-affected oneiric_linux-ec2: DNE precise_linux-ec2: DNE quantal_linux-ec2: DNE devel_linux-ec2: DNE Patches_linux-mvl-dove: upstream_linux-mvl-dove: released (3.9~rc5) hardy_linux-mvl-dove: DNE lucid_linux-mvl-dove: ignored (reached end-of-life) oneiric_linux-mvl-dove: DNE precise_linux-mvl-dove: DNE quantal_linux-mvl-dove: DNE devel_linux-mvl-dove: DNE Patches_linux-ti-omap4: upstream_linux-ti-omap4: released (3.9~rc5) hardy_linux-ti-omap4: DNE lucid_linux-ti-omap4: DNE oneiric_linux-ti-omap4: not-affected precise_linux-ti-omap4: not-affected quantal_linux-ti-omap4: not-affected devel_linux-ti-omap4: not-affected Patches_linux-lts-backport-maverick: upstream_linux-lts-backport-maverick: released (3.9~rc5) hardy_linux-lts-backport-maverick: DNE lucid_linux-lts-backport-maverick: ignored (reached end-of-life) oneiric_linux-lts-backport-maverick: DNE precise_linux-lts-backport-maverick: DNE quantal_linux-lts-backport-maverick: DNE devel_linux-lts-backport-maverick: DNE Patches_linux-fsl-imx51: upstream_linux-fsl-imx51: released (3.9~rc5) hardy_linux-fsl-imx51: DNE lucid_linux-fsl-imx51: ignored (reached end-of-life, does not affect buildd) oneiric_linux-fsl-imx51: DNE precise_linux-fsl-imx51: DNE quantal_linux-fsl-imx51: DNE devel_linux-fsl-imx51: DNE Patches_linux-lts-backport-oneiric: upstream_linux-lts-backport-oneiric: released (3.9~rc5) hardy_linux-lts-backport-oneiric: DNE lucid_linux-lts-backport-oneiric: not-affected oneiric_linux-lts-backport-oneiric: DNE precise_linux-lts-backport-oneiric: DNE quantal_linux-lts-backport-oneiric: DNE devel_linux-lts-backport-oneiric: DNE Patches_linux-linaro-omap: upstream_linux-linaro-omap: released (3.9~rc5) hardy_linux-linaro-omap: DNE lucid_linux-linaro-omap: DNE oneiric_linux-linaro-omap: ignored (abandoned) precise_linux-linaro-omap: ignored (abandoned) quantal_linux-linaro-omap: ignored (abandoned) devel_linux-linaro-omap: ignored (abandoned) Patches_linux-linaro-shared: upstream_linux-linaro-shared: released (3.9~rc5) hardy_linux-linaro-shared: DNE lucid_linux-linaro-shared: DNE oneiric_linux-linaro-shared: ignored (abandoned) precise_linux-linaro-shared: ignored (abandoned) quantal_linux-linaro-shared: ignored (abandoned) devel_linux-linaro-shared: ignored (abandoned) Patches_linux-linaro-vexpress: upstream_linux-linaro-vexpress: released (3.9~rc5) hardy_linux-linaro-vexpress: DNE lucid_linux-linaro-vexpress: DNE oneiric_linux-linaro-vexpress: ignored (abandoned) precise_linux-linaro-vexpress: ignored (abandoned) quantal_linux-linaro-vexpress: ignored (abandoned) devel_linux-linaro-vexpress: ignored (abandoned) Patches_linux-qcm-msm: upstream_linux-qcm-msm: released (3.9~rc5) hardy_linux-qcm-msm: DNE lucid_linux-qcm-msm: ignored (abandoned) oneiric_linux-qcm-msm: ignored (abandoned) precise_linux-qcm-msm: ignored (abandoned) quantal_linux-qcm-msm: ignored (abandoned) devel_linux-qcm-msm: ignored (abandoned) Tags_linux-armadaxp: not-ue Patches_linux-armadaxp: upstream_linux-armadaxp: released (3.9~rc5) hardy_linux-armadaxp: DNE lucid_linux-armadaxp: DNE oneiric_linux-armadaxp: DNE precise_linux-armadaxp: not-affected quantal_linux-armadaxp: not-affected devel_linux-armadaxp: DNE Patches_linux-lts-quantal: upstream_linux-lts-quantal: released (3.9~rc5) hardy_linux-lts-quantal: DNE lucid_linux-lts-quantal: DNE oneiric_linux-lts-quantal: DNE precise_linux-lts-quantal: not-affected quantal_linux-lts-quantal: DNE devel_linux-lts-quantal: DNE