CVE-2013-5691 - Vulnerability Details - OpenCVE

The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows local users to perform link-layer actions, cause a denial of service (panic), or possibly gain privileges via a crafted application.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

OR	cpe:2.3:o:freebsd:freebsd:8.3:::::::*
	cpe:2.3:o:freebsd:freebsd:9.0:::::::*
	cpe:2.3:o:freebsd:freebsd:9.1:::::::*
	cpe:2.3:o:freebsd:freebsd:9.2:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/54861
http://svnweb.freebsd.org/base?view=revision&revision=255442
http://www.debian.org/security/2013/dsa-2769
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:12.ifioctl.asc

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-09-23T10:00:00

Updated: 2024-08-06T17:22:29.591Z

Reserved: 2013-09-03T00:00:00

Link: CVE-2013-5691

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-09-23T10:18:59.237

Modified: 2024-11-21T01:57:56.740

Link: CVE-2013-5691

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-09-10T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows local users to perform link-layer actions, cause a denial of service (panic), or possibly gain privileges via a crafted application."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-10-24T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "54861", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/54861"}, {"name": "FreeBSD-SA-13:12", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:12.ifioctl.asc"}, {"name": "DSA-2769", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2769"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svnweb.freebsd.org/base?view=revision&revision=255442"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5691", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows local users to perform link-layer actions, cause a denial of service (panic), or possibly gain privileges via a crafted application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "54861", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54861"}, {"name": "FreeBSD-SA-13:12", "refsource": "FREEBSD", "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:12.ifioctl.asc"}, {"name": "DSA-2769", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2769"}, {"name": "http://svnweb.freebsd.org/base?view=revision&revision=255442", "refsource": "CONFIRM", "url": "http://svnweb.freebsd.org/base?view=revision&revision=255442"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:22:29.591Z"}, "title": "CVE Program Container", "references": [{"name": "54861", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/54861"}, {"name": "FreeBSD-SA-13:12", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:12.ifioctl.asc"}, {"name": "DSA-2769", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2769"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svnweb.freebsd.org/base?view=revision&revision=255442"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5691", "datePublished": "2013-09-23T10:00:00", "dateReserved": "2013-09-03T00:00:00", "dateUpdated": "2024-08-06T17:22:29.591Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:8.3:*:*:*:*:*:*:*", "matchCriteriaId": "30C501A1-FE2D-41E7-A5DB-C61D8701B9B4", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6BD5BFF-260A-4A9E-B0AA-C8B8386B154E", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "D78E559A-430D-4D50-8A83-58A37D393471", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C560926-7789-4052-819D-C36C43C9C61E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows local users to perform link-layer actions, cause a denial of service (panic), or possibly gain privileges via a crafted application."}, {"lang": "es", "value": "Los manejadores de petici\u00f3n IPV6 y ATM ioctl en el n\u00facleo en FreeBSD v8.3 hasta v9.2-STABLE no validan peticiones SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR y SIOCSIFNETMASK, lo que permite a usuarios locales realizar acciones de capa de enlace, provocar una denegaci\u00f3n de servicio (causando un \"panic\"), o posiblemente conseguir privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada."}], "id": "CVE-2013-5691", "lastModified": "2024-11-21T01:57:56.740", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-09-23T10:18:59.237", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/54861"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://svnweb.freebsd.org/base?view=revision&revision=255442"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2013/dsa-2769"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:12.ifioctl.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/54861"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://svnweb.freebsd.org/base?view=revision&revision=255442"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2769"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:12.ifioctl.asc"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}