From ${URL} : Linux kernel built with the IP Virtual Server(CONFIG_IP_VS) support is vulnerable to a buffer overflow flaw. It could occur while setting or retrieving socket options via setsockopt(2) or getsockopt(2) calls. Though a user needs to have CAP_NET_ADMIN privileges to perform these IP_VS operations. A user/program with CAP_NET_ADMIN privileges could use this flaw to further escalate their privileges on a system. Upstream fix: ------------- -> https://git.kernel.org/linus/04bcef2a83f40c6db24222b27a52892cba39dffb
CVE-2013-4588 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4588): Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function.
Fix in 2.6.33