Veracode Vulnerability DatabaseVERACODE:13807Netlink Messages Spoofing
EPSS
Percentile
5.1%
kernel-rt is vulnerable to message spoofing. A flaw was found in the way Netlink messages without SCM_CREDENTIALS (used for authentication) data set were handled. When not explicitly set, the data was sent but with all values set to 0, including the process ID and user ID, causing the Netlink message to appear as if it were sent with root privileges. A local, unprivileged user could use this flaw to send spoofed Netlink messages to an application, possibly resulting in the application performing privileged operations if it relied on SCM_CREDENTIALS data for the authentication of Netlink messages.
References
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea
lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html
lists.opensuse.org/opensuse-updates/2013-02/msg00018.html
secunia.com/advisories/50848
www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30
www.openwall.com/lists/oss-security/2012/08/22/1
www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
www.securityfocus.com/bid/55152
www.ubuntu.com/usn/USN-1599-1
www.ubuntu.com/usn/USN-1610-1
access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/sec-Red_Hat_Enterprise_Linux_6.html#RHSA-2012-1491
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=843130
bugzilla.redhat.com/show_bug.cgi?id=850449
bugzilla.redhat.com/show_bug.cgi?id=856243
bugzilla.redhat.com/show_bug.cgi?id=859226
bugzilla.redhat.com/show_bug.cgi?id=864568
github.com/torvalds/linux/commit/e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea
rhn.redhat.com/errata/RHSA-2012-1491.html
Related
