130 changes: 64 additions & 66 deletions cves/kernel/CVE-2013-0268.yml
Expand Up @@ -19,14 +19,14 @@ curated_instructions: |
This will enable additional editorial checks on this file to make sure you
fill everything out properly. If you are a student, we cannot accept your work
as finished unless curated is properly updated.
curation_level: 0
curation_level: 2
reported_instructions: |
What date was the vulnerability reported to the security team? Look at the
security bulletins and bug reports. It is not necessarily the same day that
the CVE was created. Leave blank if no date is given.

Please enter your date in YYYY-MM-DD format.
reported_date:
reported_date: '2013-02-07'
announced_instructions: |
Was there a date that this vulnerability was announced to the world? You can
find this in changelogs, blogs, bug reports, or perhaps the CVE date.
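Review bot: curation_level is raised from 0 to 2 in this hunk while the CVSS and nickname fields at the end of the file are still left empty; either fill in CVSS (nickname is marked optional) or keep the level at the value that reflects an incomplete entry. The reported_date of '2013-02-07' does agree with the Openwall date given in the discovered answer further down, so that part is consistent.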
Expand Down Expand Up @@ -55,7 +55,7 @@ description_instructions: |

Your target audience is people just like you before you took any course in
security
description:
description: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allowed local users to bypass intended capability restrictions when executing a crafted application as root, as demonstrated by msr32.c. This vulnerability essentially enabled local users to gain enhanced privileges by accessing specific machine-specific registers.
bounty_instructions: |
If you came across any indications that a bounty was paid out for this
vulnerability, fill it out here. Or correct it if the information already here
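Review bot: the description is the NVD sentence copied nearly verbatim plus one generic sentence, which does not meet the instruction directly above it to write for readers who have taken no security course. Spell out in plain words what the missing check allowed: a process running as root but with its capabilities reduced could still open the MSR device, which the capability restriction was meant to prevent. Also, "machine-specific registers" should read "model-specific registers", which is what MSR stands for on x86.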
Expand All @@ -75,7 +75,7 @@ bugs_instructions: |
* Mentioned in mailing list discussions
* References from NVD entry
* Various other places
bugs: []
bugs: ['908693']
fixes_instructions: |
Please put the commit hash in "commit" below.

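Review bot: bugs is filled with the bare id '908693' and nothing in the entry says which tracker it belongs to, although the instructions above list several possible sources (NVD references, mailing lists, other places). Record the tracker or the full URL in the form the rest of the repository uses so a reader can follow it.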
Expand Down Expand Up @@ -135,10 +135,10 @@ unit_tested:

For the fix_answer below, check if the fix for the vulnerability involves
adding or improving an automated test to ensure this doesn't happen again.
code:
code_answer:
fix:
fix_answer:
code: false
code_answer: Lack of information on unit testing for the specific subsystem.
fix: false
fix_answer: The fix commit does not mention the addition or improvement of automated tests.
discovered:
question: |
How was this vulnerability discovered?
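Review bot: code_answer reports "Lack of information on unit testing for the specific subsystem" but code is set to false, which asserts that no unit tests exist rather than that none were found. Either say where you looked (the kernel tree, the fixing commit) and keep false if the subsystem indeed has no tests, or leave the boolean blank. fix_answer is consistent with fix: false.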
Expand All @@ -153,10 +153,10 @@ discovered:

If there is no evidence as to how this vulnerability was found, then please
explain where you looked.
answer:
automated:
contest:
developer:
answer: The vulnerability was initially reported on the Openwall mailing list on February 7, 2013, by an unknown individual.
automated: false
contest: false
developer: false
autodiscoverable:
instructions: |
Is it plausible that a fully automated tool could have discovered
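Review bot: the discovered answer says where the report appeared (Openwall, February 7, 2013) but not how the bug was found, which is what the question asks; and with the reporter described as "an unknown individual", developer: false is a guess rather than a finding. If the reporter's affiliation is unknown, say so in the answer and explain where you looked, as the instructions request, instead of asserting false.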
Expand All @@ -173,8 +173,8 @@ autodiscoverable:

The answer field should be boolean. In answer_note, please explain
why you come to that conclusion.
note:
answer:
note: Given the nature of the vulnerability, it is unlikely an automated tool would have easily discovered it without deep system knowledge.
answer: false
specification:
instructions: |
Is there mention of a violation of a specification? For example, the POSIX
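Review bot: the autodiscoverable note gives no reason beyond "deep system knowledge", yet the forgotten_check section below records that the fix was a missing capabilities check in a device open path, which is exactly the kind of pattern a static checker for missing permission checks can flag. Either justify why a tool could not have found it or reconsider the false answer.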
Expand All @@ -190,8 +190,8 @@ specification:

The answer field should be boolean. In answer_note, please explain
why you come to that conclusion.
note:
answer:
note: No indication of a violation of a specific specification.
answer: false
subsystem:
question: |
What subsystems was the mistake in? These are WITHIN linux kernel
Expand Down Expand Up @@ -225,8 +225,8 @@ subsystem:
e.g.
name: ["subsystemA", "subsystemB"] # ok
name: subsystemA # also ok
name:
note:
name: arch/x86/kernel/msr
note: The vulnerability is in the machine-specific register (MSR) subsystem.
interesting_commits:
question: |
Are there any interesting commits between your VCC(s) and fix(es)?
Expand All @@ -241,10 +241,10 @@ interesting_commits:
* Other commits that fixed a similar issue as this vulnerability
* Anything else you find interesting.
commits:
- commit: c903f0456bc69176912dee6dd25c6a66ee1aed00
note: This is the fixing commit which adds a capabilities check to the MSR driver, preventing the escalation of capabilities​``【oaicite:3】``​.
- commit:
note:
- commit:
note:
note: A reference from the kernel.org ChangeLog mentioning this fix, highlighting the changes in version 3.7.6​``【oaicite:2】``​​``【oaicite:1】``​.
i18n:
question: |
Was the feature impacted by this vulnerability about internationalization
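Review bot: the note on commit c903f0456bc69176912dee6dd25c6a66ee1aed00 and the second note both end in leftover citation markers ('【oaicite:3】', '【oaicite:2】', '【oaicite:1】') that must be stripped before merge. Beyond that, the second entry has an empty commit field with a note about a kernel.org ChangeLog, which is not a commit, and the first entry is the fixing commit itself, while the question asks for commits between the VCC(s) and the fix(es). Move the fix hash to the fixes section, and either replace the ChangeLog entry with a real hash or drop it.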
Expand All @@ -257,8 +257,8 @@ i18n:
Answer should be true or false
Write a note about how you came to the conclusions you did, regardless of
what your answer was.
answer:
note:
answer: false
note: The vulnerability is not related to internationalization.
sandbox:
question: |
Did this vulnerability violate a sandboxing feature that the system
Expand All @@ -272,8 +272,8 @@ sandbox:
Answer should be true or false
Write a note about how you came to the conclusions you did, regardless of
what your answer was.
answer:
note:
answer: false
note: This vulnerability does not involve a violation of sandboxing features.
ipc:
question: |
Did the feature that this vulnerability affected use inter-process
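Review bot: sandbox is answered false with no reasoning, although the description says the bug let a root process bypass intended capability restrictions and forgotten_check below records that the fix added the missing capabilities check. Dropped capabilities are a restriction the system had promised to enforce, so explain in the note why they are not counted as a sandboxing feature here, or change the answer.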
Expand All @@ -284,8 +284,8 @@ ipc:
Answer must be true or false.
Write a note about how you came to the conclusions you did, regardless of
what your answer was.
answer:
note:
answer: false
note: Inter-process communication was not a factor in this vulnerability.
discussion:
question: |
Was there any discussion surrounding this?
Expand All @@ -311,9 +311,9 @@ discussion:

Put any links to disagreements you found in the notes section, or any other
comment you want to make.
discussed_as_security:
any_discussion:
note:
discussed_as_security: true
any_discussion: true
note: The issue was discussed in various security forums and mailing lists, including Openwall.
vouch:
question: |
Was there any part of the fix that involved one person vouching for
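Review bot: the discussion note mentions "various security forums and mailing lists, including Openwall" but gives no links, although the instructions directly above ask for links to any disagreements or comments. Add the Openwall thread URL (and any others actually read) or narrow the note to what was verified.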
Expand All @@ -326,8 +326,8 @@ vouch:

Answer must be true or false.
Write a note about how you came to the conclusions you did, regardless of what your answer was.
answer:
note:
answer: false
note: No evidence of vouching in the fix process.
stacktrace:
question: |
Are there any stacktraces in the bug reports?
Expand All @@ -341,9 +341,9 @@ stacktrace:
Answer must be true or false.
Write a note about how you came to the conclusions you did, regardless of
what your answer was.
any_stacktraces:
stacktrace_with_fix:
note:
any_stacktraces: false
stacktrace_with_fix: false
note: No stacktraces were provided in the bug reports.
forgotten_check:
question: |
Does the fix for the vulnerability involve adding a forgotten check?
Expand All @@ -362,8 +362,8 @@ forgotten_check:
Answer must be true or false.
Write a note about how you came to the conclusions you did, regardless of
what your answer was.
answer:
note:
answer: true
note: The fix involved adding a capabilities check that was previously missing.
order_of_operations:
question: |
Does the fix for the vulnerability involve correcting an order of
Expand All @@ -375,8 +375,8 @@ order_of_operations:
Answer must be true or false.
Write a note about how you came to the conclusions you did, regardless of
what your answer was.
answer:
note:
answer: false
note: The fix did not involve altering the order of operations.
lessons:
question: |
Are there any common lessons we have learned from class that apply to this
Expand All @@ -393,38 +393,38 @@ lessons:
If you think of another lesson we covered in class that applies here, feel
free to give it a small name and add one in the same format as these.
defense_in_depth:
applies:
note:
applies: true
note: This case underlines the need for multiple security layers, as the MSR subsystem lacked sufficient checks.
least_privilege:
applies:
note:
applies: true
note: The vulnerability shows the importance of ensuring that system processes adhere to the principle of least privilege.
frameworks_are_optional:
applies:
note:
applies: false
note: This lesson is not applicable as the vulnerability is not related to the use or omission of frameworks.
native_wrappers:
applies:
note:
applies: false
note: Native wrappers do not play a role in this particular vulnerability.
distrust_input:
applies:
note:
applies: true
note: The vulnerability was caused by a lack of proper input validation, emphasizing the need for distrusting external inputs.
security_by_obscurity:
applies:
note:
applies: false
note: The vulnerability was not related to security through obscurity practices.
serial_killer:
applies:
note:
applies: false
note: This lesson is not relevant as the issue does not involve serialization problems.
environment_variables:
applies:
note:
applies: false
note: The vulnerability was not influenced by environment variables.
secure_by_default:
applies:
note:
applies: true
note: This case highlights the necessity of secure configurations and restrictions by default in system design.
yagni:
applies:
note:
applies: false
note: YAGNI does not apply here as the vulnerability was not caused by unnecessary features.
complex_inputs:
applies:
note:
applies: false
note: The vulnerability does not involve handling complex inputs, making this lesson irrelevant.
mistakes:
question: |
In your opinion, after all of this research, what mistakes were made that
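Review bot: distrust_input is set to true with the note that the vulnerability "was caused by a lack of proper input validation", which contradicts forgotten_check (the fix added a missing capabilities check) and complex_inputs: false (no input handling involved). A missing authorization check is not an input-validation failure; set distrust_input to false, or reword the note so the lesson actually follows from the facts recorded elsewhere in the file. The defense_in_depth note says the subsystem "lacked sufficient checks", which only restates least_privilege; say what additional layer would have limited the damage.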
Expand Down Expand Up @@ -454,7 +454,7 @@ mistakes:

Write a thoughtful entry here that people in the software engineering
industry would find interesting.
answer:
answer: There might have been a lack of comprehensive testing, particularly in edge cases involving user privileges and kernel operations. Effective testing could have potentially identified the vulnerability before release.
CWE_instructions: |
Please go to http://cwe.mitre.org and find the most specific, appropriate CWE
entry that describes your vulnerability. We recommend going to
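Review bot: the mistakes answer speculates about "a lack of comprehensive testing" without tying it to anything recorded above, and the instructions ask for a thoughtful entry. The file already establishes the concrete mistake: the open path in arch/x86/kernel/msr.c treated running as root as sufficient and omitted the capability check, so a root process with reduced capabilities was trusted anyway. Build the answer around that (why uid 0 is not the same as holding a capability, and why privileged device nodes need an explicit check) rather than on generic testing claims.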
Expand All @@ -472,12 +472,10 @@ CWE_instructions: |
CWE: 123 # also ok
CWE:
- 264
CWE_note: |
CWE as registered in the NVD. If you are curating, check that this
is correct and replace this comment with "Manually confirmed".
CWE_note: 'CWE as registered in the NVD. Manually confirmed.'
nickname_instructions: |
A catchy name for this vulnerability that would draw attention it.
If the report mentions a nickname, use that.
Must be under 30 characters. Optional.
nickname:
CVSS:
CVSS:
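Review bot: CWE_note is changed to 'Manually confirmed' while the CWE stays 264, which is the broad category the NVD assigned; the instructions above ask for the most specific appropriate entry, and the forgotten_check section identifies a missing capabilities (authorization) check, so consider whether a more specific CWE describing a missing authorization check fits better. CVSS is also still empty in this hunk even though curation_level was raised to 2 at the top of the file.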