Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 458780 (CVE-2013-1772) - Kernel : "call_console_drivers()" Function Log Prefix Stripping Denial of Service (CVE-2013-1772)
Summary: Kernel : "call_console_drivers()" Function Log Prefix Stripping Denial of Ser...
Status: RESOLVED OBSOLETE
Alias: CVE-2013-1772
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
URL: https://secunia.com/advisories/52366/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-02-22 19:46 UTC by Agostino Sarubbo
Modified: 2018-04-04 18:34 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-02-22 19:46:08 UTC 
From $URL :

Description
A vulnerability has been reported in Linux Kernel, which can be exploited by malicious, local users 
to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the "call_console_drivers()" function 
(kernel/printk.c) when stripping log prefixes. This can be exploited to cause the system to stop 
responding via specially crafted shell commands.

The vulnerability is reported in versions prior to 3.0.66, 3.2.38, and 3.4.33.


Solution
Update to version 3.0.66, 3.2.38, or 3.4.33.

Provided and/or discovered by
Alexandre Simon

Original Advisory
Kernel.org:
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.66
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.38
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.33
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 18:34:23 UTC 
There are no longer any 2.x or <3.4 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.