scip AG

VulDB: Linux Kernel SG_IO SCSI IOCTL privilege escalation

General

scipID: 4503
Affected: Linux Kernel
Published: 12/22/2011
Risk: problematic
Entry: 76.1% complete
Created: 01/21/2012
Updated: 09/03/2012

Summary

A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects an unknown function of the component SG_IO SCSI IOCTL. The manipulation with an unknown input leads to a privilege escalation vulnerability. This is going to have an impact on confidentiality, and integrity.

The weakness was presented 12/22/2011. The attack needs to be approached locally. The technical details are unknown and an exploit is not publicly available.

CVSS

Base Score: 3.0 (CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:N) [?]

Exploiting

Class: Privilege escalation
Local: Yes
Remote: No

Availability: No

Countermeasures

Recommended: Patch
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known

Timeline

12/22/2011 | Advisory disclosed
12/22/2011 | Countermeasure disclosed
12/23/2011 | OSVDB entry created
01/21/2012 | VulDB entry created
09/03/2012 | VulDB entry updated

Sources

OSVDB: 78014

Vulnerabilities Overview

• Latest Entries
  • Apple QuickTime DREF Atom Handler buffer overflow [CVE-2013-1017]
  • Apple QuickTime H.264 Handler buffer overflow [CVE-2013-1018]
  • Apple QuickTime MP3 File Handler buffer overflow [CVE-2013-0989]
  • Apple QuickTime Sorenson Codec Handler buffer overflow [CVE-2013-1019]
  • Apple QuickTime JPEG Handler buffer overflow [CVE-2013-1020]
• Statistics
  • Overview
  • Products
  • Timespans
  • Digest
• Archive
  • 2013 | 2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 |

• Reference Maps
  • 2013 | 2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 |

• CVSS Maps
  • 2013 | 2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 |

• Syndication
  • Alert System
  • RSS
  • Twitter