Ubuntu

Overview
Code
Bugs
Blueprints
Translations
Answers

CVE-2013-4588

Reported by John Johansen on 2013-11-18

256

This bug affects 1 person

	Status	Importance	Assigned to
linux (Ubuntu)	Invalid	Medium	Unassigned
Lucid	Fix Released	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Quantal	Invalid	Medium	Unassigned
Raring	Invalid	Medium	Unassigned
Saucy	Invalid	Medium	Unassigned
Trusty	Invalid	Medium	Unassigned
linux-armadaxp (Ubuntu)	Invalid	Medium	Unassigned
Lucid	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Quantal	Invalid	Medium	Unassigned
Raring	Invalid	Medium	Unassigned
Saucy	Invalid	Medium	Unassigned
Trusty	Invalid	Medium	Unassigned
linux-ec2 (Ubuntu)	Invalid	Medium	Unassigned
Lucid	Fix Released	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Quantal	Invalid	Medium	Unassigned
Raring	Invalid	Medium	Unassigned
Saucy	Invalid	Medium	Unassigned
Trusty	Invalid	Medium	Unassigned
linux-fsl-imx51 (Ubuntu)	Invalid	Medium	Unassigned
Lucid	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Quantal	Invalid	Medium	Unassigned
Raring	Invalid	Medium	Unassigned
Saucy	Invalid	Medium	Unassigned
Trusty	Invalid	Medium	Unassigned
linux-lts-backport-maverick (Ubuntu)	Won't Fix	Undecided	Unassigned
Lucid	Won't Fix	Undecided	Unassigned
Precise	Won't Fix	Undecided	Unassigned
Quantal	Won't Fix	Undecided	Unassigned
Raring	Won't Fix	Undecided	Unassigned
Saucy	Won't Fix	Undecided	Unassigned
Trusty	Won't Fix	Undecided	Unassigned
linux-lts-backport-natty (Ubuntu)	Won't Fix	Undecided	Unassigned
Lucid	Won't Fix	Undecided	Unassigned
Precise	Won't Fix	Undecided	Unassigned
Quantal	Won't Fix	Undecided	Unassigned
Raring	Won't Fix	Undecided	Unassigned
Saucy	Won't Fix	Undecided	Unassigned
Trusty	Won't Fix	Undecided	Unassigned
linux-lts-quantal (Ubuntu)	Invalid	Medium	Unassigned
Lucid	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Quantal	Invalid	Medium	Unassigned
Raring	Invalid	Medium	Unassigned
Saucy	Invalid	Medium	Unassigned
Trusty	Invalid	Medium	Unassigned
linux-lts-raring (Ubuntu)	Invalid	Medium	Unassigned
Lucid	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Quantal	Invalid	Medium	Unassigned
Raring	Invalid	Medium	Unassigned
Saucy	Invalid	Medium	Unassigned
Trusty	Invalid	Medium	Unassigned
linux-lts-saucy (Ubuntu)	Invalid	Medium	Unassigned
Lucid	Invalid	Medium	Unassigned
Precise	Fix Committed	Medium	Unassigned
Quantal	Invalid	Medium	Unassigned
Raring	Invalid	Medium	Unassigned
Saucy	Invalid	Medium	Unassigned
Trusty	Invalid	Medium	Unassigned
linux-mvl-dove (Ubuntu)	Invalid	Medium	Unassigned
Lucid	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Quantal	Invalid	Medium	Unassigned
Raring	Invalid	Medium	Unassigned
Saucy	Invalid	Medium	Unassigned
Trusty	Invalid	Medium	Unassigned
linux-ti-omap4 (Ubuntu)	Invalid	Medium	Unassigned
Lucid	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Quantal	Invalid	Medium	Unassigned
Raring	Invalid	Medium	Unassigned
Saucy	Invalid	Medium	Unassigned
Trusty	Invalid	Medium	Unassigned

(?)

Bug Description

Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function. A user/program with CAP_NET_ADMIN privileges could use this flaw to further escalate their privileges on a system.

Break-Fix: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 04bcef2a83f40c6db24222b27a52892cba39dffb

See original description

Tags: Edit Tag help

CVE References

John Johansen (jjohansen) wrote on 2013-11-18:

CVE-2013-4588

tags:	added: kernel-cve-tracking-bug
information type:	Public → Public Security
Changed in linux-armadaxp (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-armadaxp (Ubuntu Lucid):
status:	New → Invalid
Changed in linux-armadaxp (Ubuntu Trusty):
status:	New → Invalid
Changed in linux-armadaxp (Ubuntu Raring):
status:	New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status:	New → Invalid
Changed in linux-ec2 (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-ec2 (Ubuntu Trusty):
status:	New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status:	New → Invalid
Changed in linux-ec2 (Ubuntu Raring):
status:	New → Invalid
Changed in linux-lts-quantal (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status:	New → Invalid
Changed in linux-lts-quantal (Ubuntu Trusty):
status:	New → Invalid
Changed in linux-lts-quantal (Ubuntu Quantal):
status:	New → Invalid
Changed in linux-lts-quantal (Ubuntu Raring):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Trusty):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Raring):
status:	New → Invalid
Changed in linux-lts-saucy (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-lts-saucy (Ubuntu Lucid):
status:	New → Invalid
Changed in linux-lts-saucy (Ubuntu Trusty):
status:	New → Invalid
Changed in linux-lts-saucy (Ubuntu Quantal):
status:	New → Invalid
Changed in linux-lts-saucy (Ubuntu Raring):
status:	New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Trusty):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Raring):
status:	New → Invalid
Changed in linux-lts-raring (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status:	New → Invalid
Changed in linux-lts-raring (Ubuntu Trusty):
status:	New → Invalid
Changed in linux-lts-raring (Ubuntu Quantal):
status:	New → Invalid
Changed in linux-lts-raring (Ubuntu Raring):
status:	New → Invalid
description:	updated
Changed in linux-armadaxp (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-armadaxp (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-armadaxp (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-armadaxp (Ubuntu Trusty):
importance:	Undecided → Medium
Changed in linux-armadaxp (Ubuntu Quantal):
importance:	Undecided → Medium
Changed in linux-armadaxp (Ubuntu Raring):
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Trusty):
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Quantal):
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Raring):
importance:	Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Trusty):
importance:	Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Quantal):
importance:	Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Raring):
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Lucid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Trusty):
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Quantal):
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Raring):
importance:	Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Trusty):
importance:	Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Quantal):
importance:	Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Raring):
importance:	Undecided → Medium
Changed in linux (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux (Ubuntu Trusty):
importance:	Undecided → Medium

John Johansen (jjohansen) on 2013-11-18

Changed in linux (Ubuntu Quantal):
importance:	Undecided → Medium
Changed in linux (Ubuntu Raring):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Trusty):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Quantal):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Raring):
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Trusty):
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Raring):
importance:	Undecided → Medium
Changed in linux-lts-raring (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-lts-raring (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-lts-raring (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-lts-raring (Ubuntu Trusty):
importance:	Undecided → Medium
Changed in linux-lts-raring (Ubuntu Quantal):
importance:	Undecided → Medium
Changed in linux-lts-raring (Ubuntu Raring):
importance:	Undecided → Medium

John Johansen (jjohansen) on 2013-11-18

Changed in linux-armadaxp (Ubuntu Precise):
status:	New → Invalid
Changed in linux-armadaxp (Ubuntu Quantal):
status:	New → Invalid
Changed in linux-lts-quantal (Ubuntu Precise):
status:	New → Invalid
Changed in linux-lts-saucy (Ubuntu Precise):
status:	New → Fix Committed
Changed in linux (Ubuntu Precise):
status:	New → Invalid
Changed in linux (Ubuntu Saucy):
status:	New → Invalid
Changed in linux (Ubuntu Trusty):
status:	New → Invalid
Changed in linux (Ubuntu Quantal):
status:	New → Invalid
Changed in linux (Ubuntu Raring):
status:	New → Invalid
Changed in linux-ti-omap4 (Ubuntu Precise):
status:	New → Invalid
Changed in linux-ti-omap4 (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-ti-omap4 (Ubuntu Quantal):
status:	New → Invalid
Changed in linux-ti-omap4 (Ubuntu Raring):
status:	New → Invalid
Changed in linux-lts-raring (Ubuntu Precise):
status:	New → Invalid

John Johansen (jjohansen) on 2013-11-22

Changed in linux-ec2 (Ubuntu Lucid):
status:	New → Fix Committed
Changed in linux (Ubuntu Lucid):
status:	New → Fix Committed

John Johansen (jjohansen) on 2013-11-28

description:

updated

John Johansen (jjohansen) on 2013-12-02

Changed in linux-ti-omap4 (Ubuntu Trusty):
status:	New → Invalid

Jamie Strandboge (jdstrand) on 2013-12-20

Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status:	New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status:	New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status:	New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Precise):
status:	New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status:	New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status:	New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Raring):
status:	New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Raring):
status:	New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Saucy):
status:	New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Saucy):
status:	New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Trusty):
status:	New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Trusty):
status:	New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu):
status:	New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu):
status:	New → Won't Fix

Launchpad Janitor (janitor) wrote on 2014-01-02:

This bug was fixed in the package linux - 2.6.32-55.117

---------------
linux (2.6.32-55.117) lucid; urgency=low

[Steve Conklin]

* Release Tracking Bug
- LP: #1257364

[ Upstream Kernel Changes ]

  * ipvs: Add boundary check on ioctl arguments
    - LP: #1252424
    - CVE-2013-4588
  * vm: add vm_iomap_memory() helper function
    - LP: #1252426
    - CVE-2013-6763
  * Fix a few incorrectly checked [io_]remap_pfn_range() calls
    - LP: #1252426
    - CVE-2013-6763
  * crypto: ansi_cprng - Fix off by one error in non-block size request
    - LP: #1229981
    - CVE-2013-4345
  * libertas: potential oops in debugfs
    - LP: #1256080
    - CVE-2013-6378
-- Steve Conklin <email address hidden> Tue, 03 Dec 2013 10:26:46 -0600

Changed in linux (Ubuntu Lucid):
status:	Fix Committed → Fix Released

Launchpad Janitor (janitor) wrote on 2014-01-02:

This bug was fixed in the package linux-ec2 - 2.6.32-360.73

---------------
linux-ec2 (2.6.32-360.73) lucid-proposed; urgency=low

[ Stefan Bader ]

  * Rebased to Ubuntu-2.6.32-55.117
  * Release Tracking Bug
    - LP: #1257527

[ Ubuntu: 2.6.32-55.117 ]

  * ipvs: Add boundary check on ioctl arguments
    - LP: #1252424
    - CVE-2013-4588
  * vm: add vm_iomap_memory() helper function
    - LP: #1252426
    - CVE-2013-6763
  * Fix a few incorrectly checked [io_]remap_pfn_range() calls
    - LP: #1252426
    - CVE-2013-6763
  * crypto: ansi_cprng - Fix off by one error in non-block size request
    - LP: #1229981
    - CVE-2013-4345
  * libertas: potential oops in debugfs
    - LP: #1256080
    - CVE-2013-6378
-- Stefan Bader <email address hidden> Wed, 04 Dec 2013 14:12:21 +0100

Changed in linux-ec2 (Ubuntu Lucid):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information Edit

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers