| Summary: | Kernel : qeth: buffer overflow in snmp ioctl (CVE-2013-6381) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | kernel |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1033600 | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
CVE-2013-6381 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6381): Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size. Fix in 3.12.3 |
From ${URL} : Linux kernel built with a Gigabit Ethernet device support(CONFIG_QETH) is vulnerable to a buffer overflow flaw. It could occur while doing an ioctl(SIOC_QETH_ADP_SET_SNMP_CONTROL) call. A user/program could use this flaw to crash the kernel resulting in DoS or potentially escalate user privileges on a system. Upstream fix: ------------- -> http://git.kernel.org/linus/6fb392b1a63ae36c31f62bc3fc8630b49d602b62 Reference: ---------- -> http://seclists.org/oss-sec/2013/q4/330