Launchpad.net

CVE 2013-1858

The clone system-call implementation in the Linux kernel before 3.8.3 does not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags, which allows local users to gain privileges by calling chroot and leveraging the sharing of the / directory between a parent process and a child process.

Related bugs and status

CVE-2013-1858 (Candidate) is related to these bugs:

Bug #1156778: CVE-2013-1858

		In	Importance	Status
1156778	CVE-2013-1858	linux (Ubuntu)	High	Invalid
1156778	CVE-2013-1858	linux-fsl-imx51 (Ubuntu)	High	Invalid
1156778	CVE-2013-1858	linux-mvl-dove (Ubuntu)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-maverick (Ubuntu)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-natty (Ubuntu)	Undecided	Invalid
1156778	CVE-2013-1858	linux-ti-omap4 (Ubuntu)	High	Invalid
1156778	CVE-2013-1858	linux-ec2 (Ubuntu)	High	Invalid
1156778	CVE-2013-1858	linux (Ubuntu Raring)	High	Won't Fix
1156778	CVE-2013-1858	linux-ec2 (Ubuntu Raring)	High	Invalid
1156778	CVE-2013-1858	linux-fsl-imx51 (Ubuntu Raring)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-maverick (Ubuntu Raring)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-natty (Ubuntu Raring)	Undecided	Invalid
1156778	CVE-2013-1858	linux-mvl-dove (Ubuntu Raring)	High	Invalid
1156778	CVE-2013-1858	linux-ti-omap4 (Ubuntu Raring)	High	Won't Fix
1156778	CVE-2013-1858	linux (Ubuntu Quantal)	High	Invalid
1156778	CVE-2013-1858	linux-ec2 (Ubuntu Quantal)	High	Invalid
1156778	CVE-2013-1858	linux-fsl-imx51 (Ubuntu Quantal)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-maverick (Ubuntu Quantal)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-natty (Ubuntu Quantal)	Undecided	Invalid
1156778	CVE-2013-1858	linux-mvl-dove (Ubuntu Quantal)	High	Invalid
1156778	CVE-2013-1858	linux-ti-omap4 (Ubuntu Quantal)	High	Invalid
1156778	CVE-2013-1858	linux (Ubuntu Precise)	High	Invalid
1156778	CVE-2013-1858	linux-ec2 (Ubuntu Precise)	High	Invalid
1156778	CVE-2013-1858	linux-fsl-imx51 (Ubuntu Precise)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-maverick (Ubuntu Precise)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-natty (Ubuntu Precise)	Undecided	Invalid
1156778	CVE-2013-1858	linux-mvl-dove (Ubuntu Precise)	High	Invalid
1156778	CVE-2013-1858	linux-ti-omap4 (Ubuntu Precise)	High	Invalid
1156778	CVE-2013-1858	linux (Ubuntu Oneiric)	High	Invalid
1156778	CVE-2013-1858	linux-ec2 (Ubuntu Oneiric)	High	Invalid
1156778	CVE-2013-1858	linux-fsl-imx51 (Ubuntu Oneiric)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-maverick (Ubuntu Oneiric)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-natty (Ubuntu Oneiric)	Undecided	Invalid
1156778	CVE-2013-1858	linux-mvl-dove (Ubuntu Oneiric)	High	Invalid
1156778	CVE-2013-1858	linux-ti-omap4 (Ubuntu Oneiric)	High	Invalid
1156778	CVE-2013-1858	linux (Ubuntu Lucid)	High	Invalid
1156778	CVE-2013-1858	linux-ec2 (Ubuntu Lucid)	High	Invalid
1156778	CVE-2013-1858	linux-fsl-imx51 (Ubuntu Lucid)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-maverick (Ubuntu Lucid)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-natty (Ubuntu Lucid)	Undecided	Invalid
1156778	CVE-2013-1858	linux-mvl-dove (Ubuntu Lucid)	High	Invalid
1156778	CVE-2013-1858	linux-ti-omap4 (Ubuntu Lucid)	High	Invalid
1156778	CVE-2013-1858	linux (Ubuntu Hardy)	High	Invalid
1156778	CVE-2013-1858	linux-ec2 (Ubuntu Hardy)	High	Invalid
1156778	CVE-2013-1858	linux-fsl-imx51 (Ubuntu Hardy)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-maverick (Ubuntu Hardy)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-natty (Ubuntu Hardy)	Undecided	Invalid
1156778	CVE-2013-1858	linux-mvl-dove (Ubuntu Hardy)	High	Invalid
1156778	CVE-2013-1858	linux-ti-omap4 (Ubuntu Hardy)	High	Invalid
1156778	CVE-2013-1858	linux-armadaxp (Ubuntu)	High	Invalid
1156778	CVE-2013-1858	linux-armadaxp (Ubuntu Hardy)	High	Invalid
1156778	CVE-2013-1858	linux-armadaxp (Ubuntu Lucid)	High	Invalid
1156778	CVE-2013-1858	linux-armadaxp (Ubuntu Oneiric)	High	Invalid
1156778	CVE-2013-1858	linux-armadaxp (Ubuntu Precise)	High	Invalid
1156778	CVE-2013-1858	linux-armadaxp (Ubuntu Quantal)	High	Invalid
1156778	CVE-2013-1858	linux-armadaxp (Ubuntu Raring)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-oneiric (Ubuntu)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-oneiric (Ubuntu Hardy)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-oneiric (Ubuntu Lucid)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-oneiric (Ubuntu Oneiric)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-oneiric (Ubuntu Precise)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-oneiric (Ubuntu Quantal)	High	Invalid
1156778	CVE-2013-1858	linux-lts-backport-oneiric (Ubuntu Raring)	High	Invalid
1156778	CVE-2013-1858	linux-lts-quantal (Ubuntu)	High	Invalid
1156778	CVE-2013-1858	linux-lts-quantal (Ubuntu Hardy)	High	Invalid
1156778	CVE-2013-1858	linux-lts-quantal (Ubuntu Lucid)	High	Invalid
1156778	CVE-2013-1858	linux-lts-quantal (Ubuntu Oneiric)	High	Invalid
1156778	CVE-2013-1858	linux-lts-quantal (Ubuntu Precise)	High	Invalid
1156778	CVE-2013-1858	linux-lts-quantal (Ubuntu Quantal)	High	Invalid
1156778	CVE-2013-1858	linux-lts-quantal (Ubuntu Raring)	High	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-1858

Related bugs and status

Related bugs

References