
CAN-2005-2555: 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability




Hey all,

CAN-2005-2555[1] reads:

Linux kernel 2.6.x does not properly restrict socket policy access to
users with the CAP_NET_ADMIN capability, which could allow local users
to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2)
ipv6/ipv6_sockglue.c.

A flaw was discovered where xfrm_user_policy was not protected by
CAP_NET_ADMIN. A local unprivileged user could use this flaw to bypass
or create IPSEC policies.  This is not believed to allow privilege
escalation, but could lead to a denial of service (since there is no
upper bound on creating policies).

This issue doesn't affect 2.4, unless there was a backport of this
functionality.

There appear to be fixes[2],[3],[4] available.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2555
[2] http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6fc0b4a7a73a81e74d0004732df358f4f9975be2
[3] http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=6fc0b4a7a73a81e74d0004732df358f4f9975
[4] http://linux.bkbits.net:8080/linux-2.6/cset@42f783aesxFQlEEg0e9GPi4oeVDHbA

Micah

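
A regression check for the restriction the message above describes, as an added example that is not part of the original message or of the kernel fix: it verifies that a process without CAP_NET_ADMIN gets EPERM when it sets a socket policy option. Assumptions: a Linux host with /proc mounted; the option names IP_XFRM_POLICY and IPV6_XFRM_POLICY come from the kernel headers and are not named in the message; the function and enum names are hypothetical.

```c
/* Added example: sends a zeroed dummy buffer only, so no policy is installed. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>
#ifndef IP_XFRM_POLICY
#define IP_XFRM_POLICY 17      /* value from <linux/in.h> */
#endif
#ifndef IPV6_XFRM_POLICY
#define IPV6_XFRM_POLICY 35    /* value from <linux/in6.h> */
#endif
#define CAP_NET_ADMIN_BIT 12   /* CAP_NET_ADMIN in <linux/capability.h> */

enum verdict { GATE_ENFORCED, GATE_MISSING, INCONCLUSIVE };
/* Parse a "CapEff:" line from /proc/<pid>/status: 1 if CAP_NET_ADMIN is set,
 * 0 if it is clear, -1 if the line is not a CapEff line. */
int capeff_has_net_admin(const char *line) {
    unsigned long long mask = 0;
    if (sscanf(line, "CapEff: %llx", &mask) != 1) return -1;
    return (int)((mask >> CAP_NET_ADMIN_BIT) & 1);
}
/* Interpret one setsockopt() result given the caller's capability state. */
enum verdict classify(int has_cap, int rc, int err) {
    if (has_cap != 0) return INCONCLUSIVE;       /* privileged, or state unknown */
    if (rc == -1 && err == EPERM) return GATE_ENFORCED;
    return GATE_MISSING;   /* the request got past the capability check */
}

/* Probe one address family with a zeroed 4-byte buffer. */
enum verdict probe(int family, int level, int opt) {
    char line[128]; int has_cap = -1, dummy = 0;
    FILE *f = fopen("/proc/self/status", "r");
    while (f && fgets(line, sizeof line, f))
        if (strncmp(line, "CapEff:", 7) == 0) has_cap = capeff_has_net_admin(line);
    if (f) fclose(f);
    int s = socket(family, SOCK_DGRAM, 0);
    if (s < 0) return INCONCLUSIVE;              /* e.g. IPv6 disabled */
    int rc = setsockopt(s, level, opt, &dummy, sizeof dummy), err = errno;
    close(s);
    return classify(has_cap, rc, err);
}

int main(void) {
    static const char *txt[] = { "enforced", "MISSING", "inconclusive" };
    printf("IPv4: %s\n", txt[probe(AF_INET, IPPROTO_IP, IP_XFRM_POLICY)]);
    printf("IPv6: %s\n", txt[probe(AF_INET6, IPPROTO_IPV6, IPV6_XFRM_POLICY)]);
    return 0;
}
```

Run it as an ordinary user: a privileged caller passes the capability check by design, so the result is reported as inconclusive.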


