CVE-2013-1828

Linux Kernel < 3.8.4 - Local Privilege Escalation via SCTP_GET_ASSOC_STATS Getsockopt

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1828. PoCs published by Petr Matousek.

AI-analyzed exploit summary This exploit triggers a buffer overflow in the Linux kernel's SCTP implementation by passing an overly long buffer to the `getsockopt` function with `SCTP_GET_ASSOC_STATS`. The vulnerability allows local privilege escalation or denial of service.

Description

The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call.

Exploits (1)

exploitdb WORKING POC

by Petr Matousek · cdoslinux

https://www.exploit-db.com/exploits/24747

View Code ZIP pw:eip

This exploit triggers a buffer overflow in the Linux kernel's SCTP implementation by passing an overly long buffer to the `getsockopt` function with `SCTP_GET_ASSOC_STATS`. The vulnerability allows local privilege escalation or denial of service.

Classification

Working Poc 90%

Attack Type

Lpe | Dos

Complexity

Trivial

Reliability

Reliable

Target: Linux kernel < 3.8.8 (SCTP implementation)

No auth needed

Prerequisites: Local access to the target system · SCTP module loaded in the kernel

MITRE ATT&CK