LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

kernel: privilege escalation

Package(s):kernel CVE #(s):CVE-2012-3520
Created:August 23, 2012 Updated:February 10, 2013
Description:

From the Red Hat bugzilla entry:

A flaw was found in the way Netlink messages without explicitly set SCM_CREDENTIALS were delivered. The kernel passes all-zero SCM_CREDENTIALS ancillary data to the receiver if the sender did not provide such data, instead of including the correct data from the peer (as it is the case with AF_UNIX). Programs that set SO_PASSCRED option on the Netlink socket and rely on SCM_CREDENTIALS for authentication might accept spoofed messages and perform privileged actions on behalf of the unprivileged attacker.

Alerts:
Fedora FEDORA-2012-12490 2012-08-22
Fedora FEDORA-2012-12684 2012-08-31
Ubuntu USN-1599-1 2012-10-09
openSUSE openSUSE-SU-2012:1330-1 2012-10-12
Ubuntu USN-1610-1 2012-10-12
Red Hat RHSA-2012:1491-01 2012-12-04
Mageia MGASA-2013-0010 2013-01-18
Mageia MGASA-2013-0009 2013-01-18
Mageia MGASA-2013-0011 2013-01-18
Mageia MGASA-2013-0012 2013-01-18
Mageia MGASA-2013-0016 2013-01-24
openSUSE openSUSE-SU-2013:0261-1 2013-02-09
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds