Timeline :
Vulnerability discovered and reported to the vendor by Mathias Krause on 2013-02-23
PoC provided on 2013-02-25
PoC provided by :
Mathias Krause
SynQ
Reference(s) :
Affected version(s) :
Linux Kernel 3.3 to 3.8
Tested on Ubuntu 12.10 x86 with :
Kernel 3.5.0-17-generic
Description :
Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY with a family greater than or equal to AF_MAX, the array size of sock_diag_handlers[]. The current code does not test for this condition and is therefore vulnerable to an out-of-bounds access, opening the door to a privilege escalation.
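The missing range check described above, as a user-space model added here (it is neither the page's PoC nor the kernel's own source): a handler table sized AF_MAX is indexed by the family byte taken from the request, first in the unchecked shape that the description says is vulnerable, then with the bounds test that rejects any family at or beyond the end of the table. MODEL_AF_MAX (40, the AF_MAX value of the affected 3.3 to 3.8 kernels), the struct and function names, and the single registered AF_INET handler are assumptions of this model.

```c
/* Constructed user-space model of the sock_diag dispatch; not kernel code. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_AF_MAX 40                 /* assumed: AF_MAX in kernels 3.3 to 3.8 */
#define MODEL_AF_INET 2

/* Mirrors the two-byte sock_diag_req header: family and protocol. */
struct model_diag_req {
    uint8_t sdiag_family;
    uint8_t sdiag_protocol;
};

typedef int (*diag_dump_fn)(const struct model_diag_req *req);

struct model_diag_handler {
    uint8_t family;
    diag_dump_fn dump;
};

static int inet_diag_dump(const struct model_diag_req *req)
{
    (void)req;
    return 0;                           /* a registered handler answering normally */
}

static const struct model_diag_handler inet_handler = {
    .family = MODEL_AF_INET,
    .dump = inet_diag_dump,
};

/* One slot per address family; most slots stay NULL (no handler loaded). */
static const struct model_diag_handler *sock_diag_handlers[MODEL_AF_MAX] = {
    [MODEL_AF_INET] = &inet_handler,
};

/* Vulnerable shape: the caller-supplied family indexes the table unconditionally.
 * A family >= MODEL_AF_MAX reads a pointer from past the end of the array and
 * calls through it. Kept only to show the defect; never reachable from main(). */
static int dispatch_unchecked(const struct model_diag_req *req)
{
    const struct model_diag_handler *h = sock_diag_handlers[req->sdiag_family];
    if (h == NULL)
        return -ENOENT;
    return h->dump(req);
}

/* Predicate for the condition the page says the code failed to test. */
int family_out_of_bounds(const struct model_diag_req *req)
{
    return req->sdiag_family >= MODEL_AF_MAX;
}

/* Hardened shape: reject the request before the table is touched. */
int dispatch_checked(const struct model_diag_req *req)
{
    if (family_out_of_bounds(req))
        return -EINVAL;                 /* out-of-range family: refuse, do not index */
    const struct model_diag_handler *h = sock_diag_handlers[req->sdiag_family];
    if (h == NULL)
        return -ENOENT;                 /* in range, but no handler registered */
    return h->dump(req);
}

int main(void)
{
    (void)dispatch_unchecked;           /* reference only; not invoked */
    const uint8_t families[] = { MODEL_AF_INET, 3, MODEL_AF_MAX, 255 };
    for (size_t i = 0; i < sizeof families / sizeof families[0]; i++) {
        struct model_diag_req req = { .sdiag_family = families[i], .sdiag_protocol = 0 };
        printf("family %3u -> %d\n", req.sdiag_family, dispatch_checked(&req));
    }
    return 0;
}
```

The difference between the two dispatch functions is the single comparison against the table size; that comparison is what turns an attacker-chosen index into an EINVAL rather than a read beyond sock_diag_handlers[].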
Commands :
id
gcc -o CVE-2013-1763 CVE-2013-1763.c
./CVE-2013-1763 Ubuntu
id