Launchpad.net

CVE 2013-7267

The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

Related bugs and status

CVE-2013-7267 (Candidate) is related to these bugs:

Bug #1267082: CVE-2013-7267

		In	Importance	Status
1267082	CVE-2013-7267	linux (Ubuntu)	Low	Invalid
1267082	CVE-2013-7267	linux-fsl-imx51 (Ubuntu)	Low	Invalid
1267082	CVE-2013-7267	linux-mvl-dove (Ubuntu)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-backport-maverick (Ubuntu)	Undecided	Won't Fix
1267082	CVE-2013-7267	linux-lts-backport-natty (Ubuntu)	Undecided	Won't Fix
1267082	CVE-2013-7267	linux-ti-omap4 (Ubuntu)	Low	Invalid
1267082	CVE-2013-7267	linux-ec2 (Ubuntu)	Low	Invalid
1267082	CVE-2013-7267	linux (Ubuntu Trusty)	Low	Invalid
1267082	CVE-2013-7267	linux-ec2 (Ubuntu Trusty)	Low	Invalid
1267082	CVE-2013-7267	linux-fsl-imx51 (Ubuntu Trusty)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-backport-maverick (Ubuntu Trusty)	Undecided	Won't Fix
1267082	CVE-2013-7267	linux-lts-backport-natty (Ubuntu Trusty)	Undecided	Won't Fix
1267082	CVE-2013-7267	linux-mvl-dove (Ubuntu Trusty)	Low	Invalid
1267082	CVE-2013-7267	linux-ti-omap4 (Ubuntu Trusty)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-backport-maverick (Ubuntu Saucy)	Undecided	Won't Fix
1267082	CVE-2013-7267	linux-lts-backport-natty (Ubuntu Saucy)	Undecided	Won't Fix
1267082	CVE-2013-7267	linux-lts-backport-maverick (Ubuntu Raring)	Undecided	Won't Fix
1267082	CVE-2013-7267	linux-lts-backport-natty (Ubuntu Raring)	Undecided	Won't Fix
1267082	CVE-2013-7267	linux-lts-backport-maverick (Ubuntu Quantal)	Undecided	Won't Fix
1267082	CVE-2013-7267	linux-lts-backport-natty (Ubuntu Quantal)	Undecided	Won't Fix
1267082	CVE-2013-7267	linux (Ubuntu Precise)	Low	Fix Released
1267082	CVE-2013-7267	linux-ec2 (Ubuntu Precise)	Low	Invalid
1267082	CVE-2013-7267	linux-fsl-imx51 (Ubuntu Precise)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-backport-maverick (Ubuntu Precise)	Undecided	Won't Fix
1267082	CVE-2013-7267	linux-lts-backport-natty (Ubuntu Precise)	Undecided	Won't Fix
1267082	CVE-2013-7267	linux-mvl-dove (Ubuntu Precise)	Low	Invalid
1267082	CVE-2013-7267	linux-ti-omap4 (Ubuntu Precise)	Low	Fix Released
1267082	CVE-2013-7267	linux-lts-backport-maverick (Ubuntu Lucid)	Undecided	Won't Fix
1267082	CVE-2013-7267	linux-lts-backport-natty (Ubuntu Lucid)	Undecided	Won't Fix
1267082	CVE-2013-7267	linux-armadaxp (Ubuntu)	Low	Invalid
1267082	CVE-2013-7267	linux-armadaxp (Ubuntu Precise)	Low	Fix Released
1267082	CVE-2013-7267	linux-armadaxp (Ubuntu Trusty)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-saucy (Ubuntu)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-saucy (Ubuntu Precise)	Low	Fix Released
1267082	CVE-2013-7267	linux-lts-saucy (Ubuntu Trusty)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-quantal (Ubuntu)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-quantal (Ubuntu Precise)	Low	Fix Released
1267082	CVE-2013-7267	linux-lts-quantal (Ubuntu Trusty)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-raring (Ubuntu)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-raring (Ubuntu Precise)	Low	Fix Released
1267082	CVE-2013-7267	linux-lts-raring (Ubuntu Trusty)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-trusty (Ubuntu)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-trusty (Ubuntu Precise)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-trusty (Ubuntu Trusty)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-backport-maverick (Ubuntu Utopic)	Undecided	Won't Fix
1267082	CVE-2013-7267	linux-lts-backport-natty (Ubuntu Utopic)	Undecided	Won't Fix
1267082	CVE-2013-7267	linux (Ubuntu Vivid)	Low	Invalid
1267082	CVE-2013-7267	linux-armadaxp (Ubuntu Vivid)	Low	Invalid
1267082	CVE-2013-7267	linux-ec2 (Ubuntu Vivid)	Low	Invalid
1267082	CVE-2013-7267	linux-fsl-imx51 (Ubuntu Vivid)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-backport-maverick (Ubuntu Vivid)	Undecided	Won't Fix
1267082	CVE-2013-7267	linux-lts-backport-natty (Ubuntu Vivid)	Undecided	Won't Fix
1267082	CVE-2013-7267	linux-lts-quantal (Ubuntu Vivid)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-raring (Ubuntu Vivid)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-saucy (Ubuntu Vivid)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-trusty (Ubuntu Vivid)	Low	Invalid
1267082	CVE-2013-7267	linux-mvl-dove (Ubuntu Vivid)	Low	Invalid
1267082	CVE-2013-7267	linux-ti-omap4 (Ubuntu Vivid)	Low	Invalid
1267082	CVE-2013-7267	linux-goldfish (Ubuntu)	Low	New
1267082	CVE-2013-7267	linux-goldfish (Ubuntu Precise)	Low	Invalid
1267082	CVE-2013-7267	linux-goldfish (Ubuntu Trusty)	Low	Invalid
1267082	CVE-2013-7267	linux-goldfish (Ubuntu Vivid)	Low	Won't Fix
1267082	CVE-2013-7267	linux-flo (Ubuntu)	Low	New
1267082	CVE-2013-7267	linux-flo (Ubuntu Precise)	Low	Invalid
1267082	CVE-2013-7267	linux-flo (Ubuntu Trusty)	Low	Invalid
1267082	CVE-2013-7267	linux-flo (Ubuntu Vivid)	Low	New
1267082	CVE-2013-7267	linux-mako (Ubuntu)	Low	New
1267082	CVE-2013-7267	linux-mako (Ubuntu Precise)	Low	Invalid
1267082	CVE-2013-7267	linux-mako (Ubuntu Trusty)	Low	Invalid
1267082	CVE-2013-7267	linux-mako (Ubuntu Vivid)	Low	New
1267082	CVE-2013-7267	linux-lts-utopic (Ubuntu)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-utopic (Ubuntu Precise)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-utopic (Ubuntu Trusty)	Low	Invalid
1267082	CVE-2013-7267	linux-lts-utopic (Ubuntu Vivid)	Low	Invalid
1267082	CVE-2013-7267	linux-manta (Ubuntu)	Low	Invalid

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2013123...
CONFIRM: http://git.kernel.org/...
CONFIRM: http://www.kernel.org/...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://github.com/tor...
SECUNIA: 55882
SECUNIA: 56036
UBUNTU: USN-2113-1
UBUNTU: USN-2117-1
UBUNTU: USN-2109-1
UBUNTU: USN-2110-1
UBUNTU: USN-2128-1
UBUNTU: USN-2129-1
UBUNTU: USN-2135-1
UBUNTU: USN-2136-1
UBUNTU: USN-2138-1
UBUNTU: USN-2139-1
UBUNTU: USN-2141-1