Vulnerability-Lookup

CVE-2013-2094 (GCVE-0-2013-2094)

Vulnerability from cvelistv5 – Published: 2013-05-14 20:00 – Updated: 2025-10-22 00:05

CISA KEV

Summary

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.

Severity ?

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

redhat

References

29 references

URL	Tags
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
http://lkml.indiana.edu/hypermail/linux/kernel/13…	mailing-listx_refsource_MLIST
http://lkml.indiana.edu/hypermail/linux/kernel/13…	mailing-listx_refsource_MLIST
http://lists.centos.org/pipermail/centos-announce…	mailing-listx_refsource_MLIST
http://www.ubuntu.com/usn/USN-1826-1	vendor-advisoryx_refsource_UBUNTU
http://lkml.indiana.edu/hypermail/linux/kernel/13…	mailing-listx_refsource_MLIST
http://www.ubuntu.com/usn/USN-1838-1	vendor-advisoryx_refsource_UBUNTU
https://bugzilla.redhat.com/show_bug.cgi?id=962792	x_refsource_CONFIRM
https://github.com/torvalds/linux/commit/8176cced…	x_refsource_CONFIRM
http://www.kernel.org/pub/linux/kernel/v3.x/Chang…	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-1828-1	vendor-advisoryx_refsource_UBUNTU
http://lists.centos.org/pipermail/centos-announce…	mailing-listx_refsource_MLIST
http://www.ubuntu.com/usn/USN-1827-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-1836-1	vendor-advisoryx_refsource_UBUNTU
http://www.osvdb.org/93361	vdb-entryx_refsource_OSVDB
http://www.exploit-db.com/exploits/33589	exploitx_refsource_EXPLOIT-DB
http://rhn.redhat.com/errata/RHSA-2013-0830.html	vendor-advisoryx_refsource_REDHAT
http://news.ycombinator.com/item?id=5703758	x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/05/14/6	mailing-listx_refsource_MLIST
http://git.kernel.org/?p=linux/kernel/git/torvald…	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://packetstormsecurity.com/files/121616/semtex.c	x_refsource_MISC
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://twitter.com/djrbliss/statuses/334301992648331267	x_refsource_MISC
http://www.reddit.com/r/netsec/comments/1eb9iw	x_refsource_MISC
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.ubuntu.com/usn/USN-1825-1	vendor-advisoryx_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Date Public ?

2013-04-12 00:00

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 08de6eb7-479a-4f88-aa0e-8f3783cbf57a

Vulnerability ID: CVE-2013-2094

Status: Confirmed

Status Updated: 2022-09-15 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2022-09-15

Asserted: 2022-09-15

Scope

Notes: KEV entry: Linux Kernel Privilege Escalation Vulnerability | Affected: Linux / Kernel | Description: Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Explotation allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-10-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8176cced706b5e5d15887584150764894e94e02f; https://nvd.nist.gov/vuln/detail/CVE-2013-2094

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-189
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Kernel
Due Date	2022-10-06
Date Added	2022-09-15
Vendorproject	Linux
Vulnerabilityname	Linux Kernel Privilege Escalation Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2013-2094

Created: 2026-02-02 12:27 UTC | Updated: 2026-02-06 07:17 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:27:41.124Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2013:0847",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html"
          },
          {
            "name": "MDVSA-2013:176",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
          },
          {
            "name": "[linux-kernel] 20130413 Re: sw_perf_event_destroy() oops while fuzzing",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html"
          },
          {
            "name": "[linux-kernel] 20130412 sw_perf_event_destroy() oops while fuzzing",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html"
          },
          {
            "name": "[CentOS-announce] 20130517 CESA-2013:0830 Important CentOS 6 kernel Update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html"
          },
          {
            "name": "USN-1826-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1826-1"
          },
          {
            "name": "[linux-kernel] 20130412 Re: sw_perf_event_destroy() oops while fuzzing",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html"
          },
          {
            "name": "USN-1838-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1838-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=962792"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9"
          },
          {
            "name": "USN-1828-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1828-1"
          },
          {
            "name": "[CentOS-announce] 20130515 CentOS-6 CVE-2013-2094 Kernel Issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html"
          },
          {
            "name": "USN-1827-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1827-1"
          },
          {
            "name": "USN-1836-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1836-1"
          },
          {
            "name": "93361",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/93361"
          },
          {
            "name": "33589",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/33589"
          },
          {
            "name": "RHSA-2013:0830",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0830.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://news.ycombinator.com/item?id=5703758"
          },
          {
            "name": "[oss-security] 20130514 Re: CVE Request: linux kernel perf out-of-bounds access",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/05/14/6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f"
          },
          {
            "name": "SUSE-SU-2013:0819",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/121616/semtex.c"
          },
          {
            "name": "openSUSE-SU-2013:0925",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://twitter.com/djrbliss/statuses/334301992648331267"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.reddit.com/r/netsec/comments/1eb9iw"
          },
          {
            "name": "openSUSE-SU-2013:1042",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html"
          },
          {
            "name": "USN-1825-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1825-1"
          },
          {
            "name": "openSUSE-SU-2013:0951",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 8.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2013-2094",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-01T03:55:11.896804Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-09-15",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2094"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T00:05:42.816Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2094"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-09-15T00:00:00.000Z",
            "value": "CVE-2013-2094 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-04-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-04T17:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openSUSE-SU-2013:0847",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html"
        },
        {
          "name": "MDVSA-2013:176",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
        },
        {
          "name": "[linux-kernel] 20130413 Re: sw_perf_event_destroy() oops while fuzzing",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html"
        },
        {
          "name": "[linux-kernel] 20130412 sw_perf_event_destroy() oops while fuzzing",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html"
        },
        {
          "name": "[CentOS-announce] 20130517 CESA-2013:0830 Important CentOS 6 kernel Update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html"
        },
        {
          "name": "USN-1826-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1826-1"
        },
        {
          "name": "[linux-kernel] 20130412 Re: sw_perf_event_destroy() oops while fuzzing",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html"
        },
        {
          "name": "USN-1838-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1838-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=962792"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9"
        },
        {
          "name": "USN-1828-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1828-1"
        },
        {
          "name": "[CentOS-announce] 20130515 CentOS-6 CVE-2013-2094 Kernel Issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html"
        },
        {
          "name": "USN-1827-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1827-1"
        },
        {
          "name": "USN-1836-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1836-1"
        },
        {
          "name": "93361",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/93361"
        },
        {
          "name": "33589",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/33589"
        },
        {
          "name": "RHSA-2013:0830",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0830.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://news.ycombinator.com/item?id=5703758"
        },
        {
          "name": "[oss-security] 20130514 Re: CVE Request: linux kernel perf out-of-bounds access",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/05/14/6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f"
        },
        {
          "name": "SUSE-SU-2013:0819",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/121616/semtex.c"
        },
        {
          "name": "openSUSE-SU-2013:0925",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://twitter.com/djrbliss/statuses/334301992648331267"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.reddit.com/r/netsec/comments/1eb9iw"
        },
        {
          "name": "openSUSE-SU-2013:1042",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html"
        },
        {
          "name": "USN-1825-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1825-1"
        },
        {
          "name": "openSUSE-SU-2013:0951",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-2094",
    "datePublished": "2013-05-14T20:00:00.000Z",
    "dateReserved": "2013-02-19T00:00:00.000Z",
    "dateUpdated": "2025-10-22T00:05:42.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2013-2094",
      "cwes": "[\"CWE-189\"]",
      "dateAdded": "2022-09-15",
      "dueDate": "2022-10-06",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8176cced706b5e5d15887584150764894e94e02f; https://nvd.nist.gov/vuln/detail/CVE-2013-2094",
      "product": "Kernel",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Explotation allows for privilege escalation.",
      "vendorProject": "Linux",
      "vulnerabilityName": "Linux Kernel Privilege Escalation Vulnerability"
    },
    "epss": {
      "cve": "CVE-2013-2094",
      "date": "2026-05-25",
      "epss": "0.66322",
      "percentile": "0.98551"
    },
    "fkie_nvd": {
      "cisaActionDue": "2022-10-06",
      "cisaExploitAdd": "2022-09-15",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Linux Kernel Privilege Escalation Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.0.75\", \"matchCriteriaId\": \"4A84D169-58BB-49ED-A9F4-776E182C22D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.1\", \"versionEndExcluding\": \"3.2.45\", \"matchCriteriaId\": \"88DA168C-393B-4853-8034-6E9099CC9623\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.3\", \"versionEndExcluding\": \"3.4.42\", \"matchCriteriaId\": \"8FECB4AF-F9DF-44E3-BD62-741D5D129053\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.5\", \"versionEndExcluding\": \"3.8.9\", \"matchCriteriaId\": \"7E3C2571-AFE5-4ED0-810D-232092DD0220\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n perf_swevent_init en kernel/events/core.c en el Kernel de Linux anterior a v3.8.9 usa un tipo de datos entero incorrecto, lo que permite a usuarios locales ganar privilegios mediante una llamada al sistema perf_event_open especialmente dise\\u00f1ada.\"}]",
      "id": "CVE-2013-2094",
      "lastModified": "2024-12-19T18:30:26.137",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2013-05-14T20:55:01.527",
      "references": "[{\"url\": \"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://news.ycombinator.com/item?id=5703758\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/121616/semtex.c\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0830.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://twitter.com/djrbliss/statuses/334301992648331267\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.exploit-db.com/exploits/33589\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2013:176\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2013/05/14/6\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.osvdb.org/93361\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.reddit.com/r/netsec/comments/1eb9iw\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1825-1\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1826-1\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1827-1\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1828-1\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1836-1\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1838-1\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=962792\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://news.ycombinator.com/item?id=5703758\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/121616/semtex.c\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0830.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://twitter.com/djrbliss/statuses/334301992648331267\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.exploit-db.com/exploits/33589\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2013:176\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2013/05/14/6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.osvdb.org/93361\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.reddit.com/r/netsec/comments/1eb9iw\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1825-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1826-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1827-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1828-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1836-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1838-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=962792\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-189\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-2094\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2013-05-14T20:55:01.527\",\"lastModified\":\"2026-04-22T14:38:13.710\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n perf_swevent_init en kernel/events/core.c en el Kernel de Linux anterior a v3.8.9 usa un tipo de datos entero incorrecto, lo que permite a usuarios locales ganar privilegios mediante una llamada al sistema perf_event_open especialmente dise\u00f1ada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2022-09-15\",\"cisaActionDue\":\"2022-10-06\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Linux Kernel Privilege Escalation Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0.75\",\"matchCriteriaId\":\"4A84D169-58BB-49ED-A9F4-776E182C22D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1\",\"versionEndExcluding\":\"3.2.45\",\"matchCriteriaId\":\"88DA168C-393B-4853-8034-6E9099CC9623\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.3\",\"versionEndExcluding\":\"3.4.42\",\"matchCriteriaId\":\"8FECB4AF-F9DF-44E3-BD62-741D5D129053\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.5\",\"versionEndExcluding\":\"3.8.9\",\"matchCriteriaId\":\"7E3C2571-AFE5-4ED0-810D-232092DD0220\"}]}]}],\"references\":[{\"url\":\"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://news.ycombinator.com/item?id=5703758\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/121616/semtex.c\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0830.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://twitter.com/djrbliss/statuses/334301992648331267\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.exploit-db.com/exploits/33589\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2013:176\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2013/05/14/6\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.osvdb.org/93361\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.reddit.com/r/netsec/comments/1eb9iw\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1825-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1826-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1827-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1828-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1836-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1838-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=962792\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://news.ycombinator.com/item?id=5703758\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/121616/semtex.c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0830.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://twitter.com/djrbliss/statuses/334301992648331267\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.exploit-db.com/exploits/33589\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2013:176\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2013/05/14/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.osvdb.org/93361\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.reddit.com/r/netsec/comments/1eb9iw\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1825-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1826-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1827-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1828-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1836-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1838-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=962792\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2094\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html\", \"name\": \"openSUSE-SU-2013:0847\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2013:176\", \"name\": \"MDVSA-2013:176\", \"tags\": [\"vendor-advisory\", \"x_refsource_MANDRIVA\", \"x_transferred\"]}, {\"url\": \"http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html\", \"name\": \"[linux-kernel] 20130413 Re: sw_perf_event_destroy() oops while fuzzing\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html\", \"name\": \"[linux-kernel] 20130412 sw_perf_event_destroy() oops while fuzzing\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html\", \"name\": \"[CentOS-announce] 20130517 CESA-2013:0830 Important CentOS 6 kernel Update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1826-1\", \"name\": \"USN-1826-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html\", \"name\": \"[linux-kernel] 20130412 Re: sw_perf_event_destroy() oops while fuzzing\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1838-1\", \"name\": \"USN-1838-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=962792\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1828-1\", \"name\": \"USN-1828-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html\", \"name\": \"[CentOS-announce] 20130515 CentOS-6 CVE-2013-2094 Kernel Issue\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1827-1\", \"name\": \"USN-1827-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1836-1\", \"name\": \"USN-1836-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"http://www.osvdb.org/93361\", \"name\": \"93361\", \"tags\": [\"vdb-entry\", \"x_refsource_OSVDB\", \"x_transferred\"]}, {\"url\": \"http://www.exploit-db.com/exploits/33589\", \"name\": \"33589\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0830.html\", \"name\": \"RHSA-2013:0830\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://news.ycombinator.com/item?id=5703758\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2013/05/14/6\", \"name\": \"[oss-security] 20130514 Re: CVE Request: linux kernel perf out-of-bounds access\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html\", \"name\": \"SUSE-SU-2013:0819\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/121616/semtex.c\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html\", \"name\": \"openSUSE-SU-2013:0925\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://twitter.com/djrbliss/statuses/334301992648331267\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.reddit.com/r/netsec/comments/1eb9iw\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html\", \"name\": \"openSUSE-SU-2013:1042\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1825-1\", \"name\": \"USN-1825-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html\", \"name\": \"openSUSE-SU-2013:0951\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T15:27:41.124Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2013-2094\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-01T03:55:11.896804Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-09-15\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2094\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-09-15T00:00:00.000Z\", \"value\": \"CVE-2013-2094 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2094\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T19:18:45.843Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2013-04-12T00:00:00.000Z\", \"references\": [{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html\", \"name\": \"openSUSE-SU-2013:0847\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2013:176\", \"name\": \"MDVSA-2013:176\", \"tags\": [\"vendor-advisory\", \"x_refsource_MANDRIVA\"]}, {\"url\": \"http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html\", \"name\": \"[linux-kernel] 20130413 Re: sw_perf_event_destroy() oops while fuzzing\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html\", \"name\": \"[linux-kernel] 20130412 sw_perf_event_destroy() oops while fuzzing\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html\", \"name\": \"[CentOS-announce] 20130517 CESA-2013:0830 Important CentOS 6 kernel Update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1826-1\", \"name\": \"USN-1826-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html\", \"name\": \"[linux-kernel] 20130412 Re: sw_perf_event_destroy() oops while fuzzing\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1838-1\", \"name\": \"USN-1838-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=962792\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1828-1\", \"name\": \"USN-1828-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html\", \"name\": \"[CentOS-announce] 20130515 CentOS-6 CVE-2013-2094 Kernel Issue\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1827-1\", \"name\": \"USN-1827-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1836-1\", \"name\": \"USN-1836-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"http://www.osvdb.org/93361\", \"name\": \"93361\", \"tags\": [\"vdb-entry\", \"x_refsource_OSVDB\"]}, {\"url\": \"http://www.exploit-db.com/exploits/33589\", \"name\": \"33589\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0830.html\", \"name\": \"RHSA-2013:0830\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://news.ycombinator.com/item?id=5703758\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2013/05/14/6\", \"name\": \"[oss-security] 20130514 Re: CVE Request: linux kernel perf out-of-bounds access\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html\", \"name\": \"SUSE-SU-2013:0819\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://packetstormsecurity.com/files/121616/semtex.c\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html\", \"name\": \"openSUSE-SU-2013:0925\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://twitter.com/djrbliss/statuses/334301992648331267\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.reddit.com/r/netsec/comments/1eb9iw\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html\", \"name\": \"openSUSE-SU-2013:1042\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1825-1\", \"name\": \"USN-1825-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html\", \"name\": \"openSUSE-SU-2013:0951\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2017-01-04T17:57:01.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2013-2094\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-22T00:05:42.816Z\", \"dateReserved\": \"2013-02-19T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2013-05-14T20:00:00.000Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTA-2013-ALE-005

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité a été corrigée dans le noyau Linux. Elle permet à un attaquant de provoquer une élévation de privilèges. Un code d'exploitation est disponible publiquement et activement utilisé.

Contournement provisoire

En attendant que votre distribution intègre le correctif, il est possible de contourner le code d'exploitation en utilisant un noyau durci tel que grsecurity ou les fonctionnalités processeurs :

Supervisor Mode Access Prevention ;
Supervisor Mode Execution Protection.

Il est aussi possible de :

recompiler son noyau avec le correctif du noyau Linux ;
recompiler son noyau en désactivant la fonctionnalité CONFIG_PERF_EVENTS ;
d'utiliser un noyau vanilla stable corrigé.

Solution

Installer les derniers correctifs de votre distribution Linux :

Debian : DSA-2669-1
Ubuntu LTS : USN-1825-1, USN-1828-1
Red Hat : RHSA-2013-0830, RHSA-2013-0832, RHSA-2013-0829, RHSA-2013-0840, RHSA-2013-0841
SUSE Linux Enterprise : SUSE-SU-2013:0819-1

Mandriva n'a pas encore corrigé la vulnérabilité.

Noyau Linux de la version 2.6.37 à la version 3.8.8 ;
Debian version stable (Wheezy) ;
CentOS version stable (6.4) avec un noyau 2.6.32 qui intègre la fonctionnalité ;
Toutes les autres distributions sont probablement vulnérables si elles utilisent un noyau concerné.

Les noyaux Linux versions supérieures à 3.8.8 et inférieures à 2.6.37 ne semblent pas être affectés, ainsi que les dernières versions stables supportées par le noyau Linux :

Noyau Linux version 3.4.45
Noyau Linux version 3.2.45
Noyau Linux version 3.0.78

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Correctif de sécurité du noyau Linux du 13 avril 2013	None	vendor-advisory
Bulletin de sécurité Red Hat RHSA-2013-0832 du 17 mai 2013 :	-	other
Bulletin de sécurité SUSE SUSE-SU-2013:0819-1 du 22 mai 2013 :	-	other
Bulletin de sécurité Red Hat RHSA-2013-0840 du 20 mai 2013 :	-	other
Bulletin de sécurité Ubuntu USN-1825-1 du 15 mai 2013 :	-	other
Bulletin de sécurité Red Hat RHSA-2013-0830 du 16 mai 2013 :	-	other
Bulletin de sécurité Ubuntu USN-1828-1 du 15 mai 2013 :	-	other
Bulletin de sécurité Red Hat RHSA-2013-0829 du 20 mai 2013 :	-	other
Bulletin de sécurité Debian DSA-2669-1 du 15 mai 2013 :	-	other
Bulletin de sécurité Red Hat RHSA-2013-0841 du 20 mai 2013 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eNoyau Linux de la version 2.6.37 \u00e0 la version 3.8.8 ;\u003c/LI\u003e    \u003cLI\u003eDebian version stable (Wheezy) ;\u003c/LI\u003e    \u003cLI\u003eCentOS version stable (6.4) avec un noyau 2.6.32 qui    int\u00e8gre la fonctionnalit\u00e9 ;\u003c/LI\u003e    \u003cLI\u003eToutes les autres distributions sont probablement    vuln\u00e9rables si elles utilisent un noyau concern\u00e9.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eLes noyaux Linux versions sup\u00e9rieures \u00e0 3.8.8 et inf\u00e9rieures \u00e0  2.6.37 ne semblent pas \u00eatre affect\u00e9s, ainsi que les derni\u00e8res  versions stables support\u00e9es par le noyau Linux :\u003c/P\u003e  \u003cUL\u003e    \u003cLI\u003eNoyau Linux version 3.4.45\u003c/LI\u003e    \u003cLI\u003eNoyau Linux version 3.2.45\u003c/LI\u003e    \u003cLI\u003eNoyau Linux version 3.0.78\u003c/LI\u003e  \u003c/UL\u003e",
  "closed_at": "2013-05-24",
  "content": "## Contournement provisoire\n\nEn attendant que votre distribution int\u00e8gre le correctif, il est\npossible de contourner le code d\u0027exploitation en utilisant un noyau\ndurci tel que grsecurity ou les fonctionnalit\u00e9s processeurs :\n\n-   Supervisor Mode Access Prevention ;\n-   Supervisor Mode Execution Protection.\n\nIl est aussi possible de :\n\n-   recompiler son noyau avec le correctif du noyau Linux ;\n-   recompiler son noyau en d\u00e9sactivant la fonctionnalit\u00e9\n    CONFIG_PERF_EVENTS ;\n-   d\u0027utiliser un noyau vanilla stable corrig\u00e9.\n\n## Solution\n\nInstaller les derniers correctifs de votre distribution Linux :\n\n-   Debian : DSA-2669-1\n-   Ubuntu LTS : USN-1825-1, USN-1828-1\n-   Red Hat : RHSA-2013-0830, RHSA-2013-0832, RHSA-2013-0829,\n    RHSA-2013-0840, RHSA-2013-0841\n-   SUSE Linux Enterprise : SUSE-SU-2013:0819-1\n\nMandriva n\u0027a pas encore corrig\u00e9 la vuln\u00e9rabilit\u00e9.\n",
  "cves": [
    {
      "name": "CVE-2013-2094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2094"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2013-0832 du 17 mai 2013    :",
      "url": "https://rhn.redhat.com/errata/RHSA-2013-0832.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2013:0819-1 du 22 mai    2013 :",
      "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20130819-1.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2013-0840 du 20 mai 2013    :",
      "url": "https://rhn.redhat.com/errata/RHSA-2013-0840.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1825-1 du 15 mai 2013 :",
      "url": "http://www.ubuntu.com/usn/usn-1825-1/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2013-0830 du 16 mai 2013    :",
      "url": "https://rhn.redhat.com/errata/RHSA-2013-0830.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1828-1 du 15 mai 2013 :",
      "url": "http://www.ubuntu.com/usn/usn-1828-1/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2013-0829 du 20 mai 2013    :",
      "url": "https://rhn.redhat.com/errata/RHSA-2013-0829.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-2669-1 du 15 mai 2013 :",
      "url": "http://www.debian.org/security/2013/dsa-2669"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2013-0841 du 20 mai 2013    :",
      "url": "https://rhn.redhat.com/errata/RHSA-2013-0841.html"
    }
  ],
  "reference": "CERTA-2013-ALE-005",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-05-14T00:00:00.000000"
    },
    {
      "description": "ajout correctifs \u00e9diteurs.",
      "revision_date": "2013-05-22T00:00:00.000000"
    },
    {
      "description": "ajout correctif SUSE.",
      "revision_date": "2013-05-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003ele noyau\nLinux\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de\nprivil\u00e8ges. Un code d\u0027exploitation est disponible publiquement et\nactivement utilis\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le noyau Linux",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Correctif de s\u00e9curit\u00e9 du noyau Linux du 13 avril 2013",
      "url": "https://patchwork.kernel.org/patch/2441281/"
    }
  ]
}

CERTA-2013-AVI-323

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Red Hat Enterprise Linux version 6

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Red Hat RHSA-2013-0829 du 20 mai 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eRed Hat Enterprise Linux version 6\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-2546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2546"
    },
    {
      "name": "CVE-2013-3076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3076"
    },
    {
      "name": "CVE-2013-1979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1979"
    },
    {
      "name": "CVE-2013-3225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3225"
    },
    {
      "name": "CVE-2013-1819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1819"
    },
    {
      "name": "CVE-2013-0914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0914"
    },
    {
      "name": "CVE-2013-1929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1929"
    },
    {
      "name": "CVE-2013-1860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1860"
    },
    {
      "name": "CVE-2013-2635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2635"
    },
    {
      "name": "CVE-2013-2548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2548"
    },
    {
      "name": "CVE-2013-2634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2634"
    },
    {
      "name": "CVE-2013-1774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1774"
    },
    {
      "name": "CVE-2013-3222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3222"
    },
    {
      "name": "CVE-2013-2094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2094"
    },
    {
      "name": "CVE-2013-1767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1767"
    },
    {
      "name": "CVE-2013-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0913"
    },
    {
      "name": "CVE-2013-3231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3231"
    },
    {
      "name": "CVE-2013-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1792"
    },
    {
      "name": "CVE-2013-2547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2547"
    },
    {
      "name": "CVE-2013-3224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3224"
    },
    {
      "name": "CVE-2013-1848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1848"
    }
  ],
  "links": [],
  "reference": "CERTA-2013-AVI-323",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-05-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le noyau Linux de\n\u003cspan class=\"textit\"\u003eRed Hat\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2013-0829 du 20 mai 2013",
      "url": "https://rhn.redhat.com/errata/RHSA-2013-0829.html"
    }
  ]
}

CERTA-2013-AVI-324

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans le noyau Linux de Debian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Debian version 7.0 (Wheezy)

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Debian DSA-2669 du 15 mai 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eDebian version 7.0 (Wheezy)\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-3228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3228"
    },
    {
      "name": "CVE-2013-3076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3076"
    },
    {
      "name": "CVE-2013-1979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1979"
    },
    {
      "name": "CVE-2013-3225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3225"
    },
    {
      "name": "CVE-2013-3235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3235"
    },
    {
      "name": "CVE-2013-3223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3223"
    },
    {
      "name": "CVE-2013-1929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1929"
    },
    {
      "name": "CVE-2013-3234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3234"
    },
    {
      "name": "CVE-2013-3222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3222"
    },
    {
      "name": "CVE-2013-2094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2094"
    },
    {
      "name": "CVE-2013-3301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3301"
    },
    {
      "name": "CVE-2013-3231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3231"
    },
    {
      "name": "CVE-2013-2015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2015"
    },
    {
      "name": "CVE-2013-3229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3229"
    },
    {
      "name": "CVE-2013-1796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1796"
    },
    {
      "name": "CVE-2013-3227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3227"
    },
    {
      "name": "CVE-2013-0160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0160"
    },
    {
      "name": "CVE-2013-3224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3224"
    }
  ],
  "links": [],
  "reference": "CERTA-2013-AVI-324",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-05-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le noyau Linux de\n\u003cspan class=\"textit\"\u003eDebian\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-2669 du 15 mai 2013",
      "url": "http://www.debian.org/security/2013/dsa-2669"
    }
  ]
}

CERTA-2013-AVI-336

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Ubuntu version 12.04 LTS

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-1844-1 du 30 mai 2013	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-1849-1 du 30 mai 2013	None	vendor-advisory
Bulletin de sécurité ubuntu USN-1849-1 du 30 mai 2013	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eUbuntu version 12.04 LTS\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-3228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3228"
    },
    {
      "name": "CVE-2013-3076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3076"
    },
    {
      "name": "CVE-2013-3230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3230"
    },
    {
      "name": "CVE-2013-3225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3225"
    },
    {
      "name": "CVE-2013-3235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3235"
    },
    {
      "name": "CVE-2013-3233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3233"
    },
    {
      "name": "CVE-2013-3223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3223"
    },
    {
      "name": "CVE-2013-2850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2850"
    },
    {
      "name": "CVE-2013-3234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3234"
    },
    {
      "name": "CVE-2013-3222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3222"
    },
    {
      "name": "CVE-2013-2094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2094"
    },
    {
      "name": "CVE-2013-3231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3231"
    },
    {
      "name": "CVE-2013-3229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3229"
    },
    {
      "name": "CVE-2013-3226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3226"
    },
    {
      "name": "CVE-2013-3227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3227"
    },
    {
      "name": "CVE-2013-3224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3224"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 ubuntu USN-1849-1 du 30 mai 2013",
      "url": "http://www.ubuntu.com/usn/usn-1849-1/"
    }
  ],
  "reference": "CERTA-2013-AVI-336",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-05-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le noyau Linux\nd\u0027\u003cspan class=\"textit\"\u003eUbuntu\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nun d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1844-1 du 30 mai 2013",
      "url": "http://www.ubuntu.com/usn/usn-1844-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1849-1 du 30 mai 2013",
      "url": null
    }
  ]
}

CERTA-2013-AVI-375

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans le noyau Linux de Mandriva. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Mandriva Business Server 1

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Mandriva MDVSA-2013:176 du 24 juin 2013	None	vendor-advisory
Bulletin de sécurité Mandriva MDVSA-2013:176 du 24 juin 2013	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eMandriva Business Server 1\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-2546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2546"
    },
    {
      "name": "CVE-2013-3228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3228"
    },
    {
      "name": "CVE-2013-1979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1979"
    },
    {
      "name": "CVE-2013-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0217"
    },
    {
      "name": "CVE-2013-0290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0290"
    },
    {
      "name": "CVE-2013-3225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3225"
    },
    {
      "name": "CVE-2013-3235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3235"
    },
    {
      "name": "CVE-2013-0914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0914"
    },
    {
      "name": "CVE-2013-3233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3233"
    },
    {
      "name": "CVE-2013-3223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3223"
    },
    {
      "name": "CVE-2013-1929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1929"
    },
    {
      "name": "CVE-2013-1860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1860"
    },
    {
      "name": "CVE-2013-2635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2635"
    },
    {
      "name": "CVE-2013-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0216"
    },
    {
      "name": "CVE-2013-1798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1798"
    },
    {
      "name": "CVE-2013-2548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2548"
    },
    {
      "name": "CVE-2013-2634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2634"
    },
    {
      "name": "CVE-2013-3234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3234"
    },
    {
      "name": "CVE-2013-3222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3222"
    },
    {
      "name": "CVE-2013-2094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2094"
    },
    {
      "name": "CVE-2013-1767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1767"
    },
    {
      "name": "CVE-2012-6548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6548"
    },
    {
      "name": "CVE-2013-1797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1797"
    },
    {
      "name": "CVE-2013-3231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3231"
    },
    {
      "name": "CVE-2013-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1792"
    },
    {
      "name": "CVE-2013-2547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2547"
    },
    {
      "name": "CVE-2013-3229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3229"
    },
    {
      "name": "CVE-2013-0311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0311"
    },
    {
      "name": "CVE-2013-1796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1796"
    },
    {
      "name": "CVE-2013-2596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2596"
    },
    {
      "name": "CVE-2013-2141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2141"
    },
    {
      "name": "CVE-2013-0228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0228"
    },
    {
      "name": "CVE-2013-3227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3227"
    },
    {
      "name": "CVE-2012-6547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6547"
    },
    {
      "name": "CVE-2013-3232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3232"
    },
    {
      "name": "CVE-2012-5532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5532"
    },
    {
      "name": "CVE-2012-6549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6549"
    },
    {
      "name": "CVE-2013-3224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3224"
    },
    {
      "name": "CVE-2012-2669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2669"
    },
    {
      "name": "CVE-2013-1848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1848"
    },
    {
      "name": "CVE-2013-2146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2146"
    },
    {
      "name": "CVE-2013-1763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1763"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2013:176 du 24 juin    2013",
      "url": "http://www.mandriva.com/fr/support/security/advisories/mbs1/MDVSA-2013:176/"
    }
  ],
  "reference": "CERTA-2013-AVI-375",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-06-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le noyau Linux de\n\u003cspan class=\"textit\"\u003eMandriva\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Mandriva",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2013:176 du 24 juin 2013",
      "url": null
    }
  ]
}

CERTFR-2014-AVI-271

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	FIPS SA4000
N/A	N/A	IC4000
N/A	N/A	SA700
N/A	N/A	IC6500
N/A	N/A	MAG6611
N/A	N/A	FIPS SA6500
N/A	N/A	NetScreen Firewalls
N/A	N/A	SA2500
N/A	N/A	FIPS SA6000
N/A	N/A	IC4500
N/A	N/A	Junos WebApp Secure
N/A	N/A	SA6500
N/A	N/A	SA4500
N/A	N/A	MAG6610
N/A	N/A	FIPS IC6500
N/A	N/A	MAG4610
N/A	N/A	MAG2600
N/A	N/A	FIPS SA4500
N/A	N/A	IC6000

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10631 du 11 juin 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10630 du 11 juin 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10628 du 11 juin 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10632 du 11 juin 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FIPS SA4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "IC4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "SA700",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "IC6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "MAG6611",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "FIPS SA6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "NetScreen Firewalls",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "SA2500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "FIPS SA6000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "IC4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos WebApp Secure",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "SA6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "SA4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "MAG6610",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "FIPS IC6500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "MAG4610",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "MAG2600",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "FIPS SA4500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "IC6000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3814"
    },
    {
      "name": "CVE-2013-2094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2094"
    },
    {
      "name": "CVE-2014-3813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3813"
    },
    {
      "name": "CVE-2014-3812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3812"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-271",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10631 du 11 juin 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10631"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10630 du 11 juin 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10630"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10628 du 11 juin 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10628"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10632 du 11 juin 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10632"
    }
  ]
}

BDU:2015-04391

Vulnerability from fstec - Published: None

Title

Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Description

Уязвимость пакета ext4-writeable-kmp-xen операционной системы SUSE Linux Enterprise, эксплуатация которой может привести к нарушению конфиденциальности, целостности и доступности защищаемой информации. Эксплуатация уязвимости может быть осуществлена локально

Severity ?

Vendor

Novell Inc.

Software Name

SUSE Linux Enterprise

Software Version

Server 11 SP2 (SUSE Linux Enterprise), Desktop 11 SP2 (SUSE Linux Enterprise)

Possible Mitigations

Установка обновления в соответствии с инструкцией по безопасности, доступной по адресу: http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html

Reference

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html

CWE

CWE-189

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "Server 11 SP2 (SUSE Linux Enterprise), Desktop 11 SP2 (SUSE Linux Enterprise)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0432 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0438 \u0441 \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0435\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0439 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443: http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": null,
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.11.2016",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.04.2015",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2015-04391",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2013-2094",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SUSE Linux Enterprise",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b SUSE Linux Enterprise, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0448\u0438\u0431\u043a\u0438, \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u044e\u0449\u0438\u0435 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0447\u0438\u0441\u0435\u043b (CWE-189)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0430\u043a\u0435\u0442\u0430 ext4-writeable-kmp-xen \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b SUSE Linux Enterprise, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u044e \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u0438 \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u0430 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-189",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)"
}

BDU:2015-05303

Vulnerability from fstec - Published: 03.01.2011

Title

Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации

Description

Множественные уязвимости пакета libvmtools0 операционной системы openSUSE, эксплуатация которых может привести к нарушению доступности защищаемой информации. Эксплуатация уязвимостей может быть осуществлена удаленно

Severity ?

Vendor

Novell Inc.

Software Name

openSUSE

Software Version

11.4 (openSUSE)

Possible Mitigations

Установка обновления в соответствии с инструкцией по безопасности, доступной по адресу: http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html

Reference

http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "11.4 (openSUSE)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0432 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0438 \u0441 \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0435\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0439 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443: http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.01.2011",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "05.07.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.04.2015",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2015-05303",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2010-3873, CVE-2011-4131, CVE-2011-4604, CVE-2011-4622, CVE-2012-1601, CVE-2012-2119, CVE-2012-2137, CVE-2012-4461, CVE-2012-5517, CVE-2013-0160, CVE-2013-0216, CVE-2013-0871, CVE-2013-0913, CVE-2013-1767, CVE-2013-1774, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-2094",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "openSUSE",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b openSUSE, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0430\u043a\u0435\u0442\u0430 libvmtools0 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b openSUSE, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u044e \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}

BDU:2015-05304

Vulnerability from fstec - Published: None

Title

Description

Множественные уязвимости пакета libvmtools0-debuginfo операционной системы openSUSE, эксплуатация которых может привести к нарушению доступности защищаемой информации. Эксплуатация уязвимостей может быть осуществлена удаленно

Severity ?

Vendor

Novell Inc.

Software Name

openSUSE

Software Version

11.4 (openSUSE)

Possible Mitigations

Reference

http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "11.4 (openSUSE)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0432 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0438 \u0441 \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0435\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0439 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443: http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": null,
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.11.2016",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.04.2015",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2015-05304",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2010-3873, CVE-2011-4131, CVE-2011-4604, CVE-2011-4622, CVE-2012-1601, CVE-2012-2119, CVE-2012-2137, CVE-2012-4461, CVE-2012-5517, CVE-2013-0160, CVE-2013-0216, CVE-2013-0871, CVE-2013-0913, CVE-2013-1767, CVE-2013-1774, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-2094",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "openSUSE",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b openSUSE, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0430\u043a\u0435\u0442\u0430 libvmtools0-debuginfo \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b openSUSE, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u044e \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}

BDU:2015-05305

Vulnerability from fstec - Published: None

Title

Description

Множественные уязвимости пакета libvmtools-devel операционной системы openSUSE, эксплуатация которых может привести к нарушению доступности защищаемой информации. Эксплуатация уязвимостей может быть осуществлена удаленно

Severity ?

Vendor

Novell Inc.

Software Name

openSUSE

Software Version

11.4 (openSUSE)

Possible Mitigations

Reference

http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "11.4 (openSUSE)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0432 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0438 \u0441 \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0435\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0439 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443: http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": null,
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.11.2016",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.04.2015",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2015-05305",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2010-3873, CVE-2011-4131, CVE-2011-4604, CVE-2011-4622, CVE-2012-1601, CVE-2012-2119, CVE-2012-2137, CVE-2012-4461, CVE-2012-5517, CVE-2013-0160, CVE-2013-0216, CVE-2013-0871, CVE-2013-0913, CVE-2013-1767, CVE-2013-1774, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-2094",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "openSUSE",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b openSUSE, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0430\u043a\u0435\u0442\u0430 libvmtools-devel \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b openSUSE, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u044e \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-2094 (GCVE-0-2013-2094)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

Contournement provisoire

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature