LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

kernel: privilege escalation

Package(s):kernel CVE #(s):CVE-2012-3520
Created:August 23, 2012 Updated:February 10, 2013
Description:

From the Red Hat bugzilla entry:

A flaw was found in the way Netlink messages without explicitly set SCM_CREDENTIALS were delivered. The kernel passes all-zero SCM_CREDENTIALS ancillary data to the receiver if the sender did not provide such data, instead of including the correct data from the peer (as it is the case with AF_UNIX). Programs that set SO_PASSCRED option on the Netlink socket and rely on SCM_CREDENTIALS for authentication might accept spoofed messages and perform privileged actions on behalf of the unprivileged attacker.

Alerts:
Fedora FEDORA-2012-12490 2012-08-22
Fedora FEDORA-2012-12684 2012-08-31
Ubuntu USN-1599-1 2012-10-09
openSUSE openSUSE-SU-2012:1330-1 2012-10-12
Ubuntu USN-1610-1 2012-10-12
Red Hat RHSA-2012:1491-01 2012-12-04
Mageia MGASA-2013-0010 2013-01-18
Mageia MGASA-2013-0009 2013-01-18
Mageia MGASA-2013-0011 2013-01-18
Mageia MGASA-2013-0012 2013-01-18
Mageia MGASA-2013-0016 2013-01-24
openSUSE openSUSE-SU-2013:0261-1 2013-02-09
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds