Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 458780 (CVE-2013-1772)

Summary: Kernel : "call_console_drivers()" Function Log Prefix Stripping Denial of Service (CVE-2013-1772)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED OBSOLETE    
Severity: normal CC: kernel
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://secunia.com/advisories/52366/
Whiteboard:
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-02-22 19:46:08 UTC 
From $URL :

Description
A vulnerability has been reported in Linux Kernel, which can be exploited by malicious, local users 
to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the "call_console_drivers()" function 
(kernel/printk.c) when stripping log prefixes. This can be exploited to cause the system to stop 
responding via specially crafted shell commands.

The vulnerability is reported in versions prior to 3.0.66, 3.2.38, and 3.4.33.


Solution
Update to version 3.0.66, 3.2.38, or 3.4.33.

Provided and/or discovered by
Alexandre Simon

Original Advisory
Kernel.org:
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.66
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.38
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.33
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 18:34:23 UTC 
There are no longer any 2.x or <3.4 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.