{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-06-30T00:00:00", "descriptions": [{"lang": "en", "value": "A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain privileges via a sendmsg system call with the IP_RETOPTS option, as demonstrated by hemlock.c. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-3552."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-05T15:57:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2013:1166", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1166.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=979936"}, {"name": "RHSA-2013:1173", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1173.html"}, {"name": "[oss-security] 20130630 Re: CVE request: Kernel 2.6.32+ IP_RETOPTS Buffer Poisoning DoS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/06/30/7"}, {"name": "RHSA-2013:1450", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1450.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:27:41.085Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2013:1166", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1166.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=979936"}, {"name": "RHSA-2013:1173", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1173.html"}, {"name": "[oss-security] 20130630 Re: CVE request: Kernel 2.6.32+ IP_RETOPTS Buffer Poisoning DoS", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/06/30/7"}, {"name": "RHSA-2013:1450", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1450.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2224", "datePublished": "2013-07-04T21:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:27:41.085Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain privileges via a sendmsg system call with the IP_RETOPTS option, as demonstrated by hemlock.c. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-3552."}, {"lang": "es", "value": "Cierto parche de Red Hat para el kernel de Linux v2.6.32 en Red Hat Enterprise Linux (RHEL) v6 permite a usuarios locales provocar una denegaci\u00f3n de servicio (restricciones de funcionamiento y ca\u00edda del sistema) o, posiblemente, obtener privilegios a trav\u00e9s de una llamada al sistema sendmsg con la opci\u00f3n IP_RETOPTS, como lo demuestra con hemlock.c. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incorrecta para CVE-2012-3552."}], "id": "CVE-2013-2224", "lastModified": "2023-11-07T02:14:58.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-07-04T21:55:01.047", "references": [{"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1166.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1173.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1450.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/06/30/7"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=979936"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:1195", "cpe": "cpe:/a:redhat:openstack:3::el6", "package": "kernel-0:2.6.32-358.118.1.openstack.el6", "product_name": "OpenStack 3 for RHEL 6", "release_date": "2013-09-03T00:00:00Z"}, {"advisory": "RHSA-2013:1166", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "kernel-0:2.6.18-348.16.1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-08-20T00:00:00Z"}, {"advisory": "RHSA-2013:1173", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-358.18.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-08-27T00:00:00Z"}, {"advisory": "RHSA-2013:1450", "cpe": "cpe:/o:redhat:rhel_eus:6.3", "package": "kernel-0:2.6.32-279.37.2.el6", "product_name": "Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only", "release_date": "2013-10-22T00:00:00Z"}], "bugzilla": {"description": "kernel: net: IP_REPOPTS invalid free", "id": "979936", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=979936"}, "csaw": false, "cvss": {"cvss_base_score": "6.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "status": "verified"}, "details": ["A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain privileges via a sendmsg system call with the IP_RETOPTS option, as demonstrated by hemlock.c. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-3552."], "name": "CVE-2013-2224", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2013-06-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-2224\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2224"], "statement": "This issue did not affect the version of the kernel package as shipped with Red Hat Enterprise MRG 2.\nThis issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Future kernel updates for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6 may address this issue.", "threat_severity": "Important"}