CAN-2005-2555: 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability
Hey all,
CAN-2005-2555[1] reads:
Linux kernel 2.6.x does not properly restrict socket policy access to
users with the CAP_NET_ADMIN capability, which could allow local users
to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2)
ipv6/ipv6_sockglue.c.
A flaw was discovered where xfrm_user_policy was not protected by
CAP_NET_ADMIN. A local unprivileged user could use this flaw to bypass
or create IPSEC policies. This is not believed to allow privilege
escalation, but could lead to a denial of service (since there is no
upper bounds on creating policies).
This issue doesn't affect 2.4, unless there was a backport of this
functionality.
There appear to be fixes[2],[3],[4] available.
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2555
[2] http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6fc0b4a7a73a81e74d0004732df358f4f9975be2
[3] http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=6fc0b4a7a73a81e74d0004732df358f4f9975
[4] http://linux.bkbits.net:8080/linux-2.6/cset@42f783aesxFQlEEg0e9GPi4oeVDHbA
Micah
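Added example (not part of the original message, and not kernel code): a regression check for the two socket-option paths named above, meant to be run as an unprivileged user on the kernel under test. It assumes a fixed kernel rejects the socket policy option with EPERM for callers lacking CAP_NET_ADMIN before parsing the option data; the function names are hypothetical, and geteuid() == 0 is only a rough stand-in for holding the capability.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_XFRM_POLICY
#define IP_XFRM_POLICY 17   /* value from linux/in.h */
#endif
#ifndef IPV6_XFRM_POLICY
#define IPV6_XFRM_POLICY 35 /* value from linux/in6.h */
#endif

enum verdict { CHECK_ENFORCED, CHECK_NOT_SEEN, INCONCLUSIVE };

/* Interpret setsockopt()'s result. Assumption: a fixed kernel answers EPERM
 * to callers lacking CAP_NET_ADMIN before it looks at the option data. */
enum verdict classify(int rc, int err, int is_root)
{
    if (rc == -1 && err == EPERM)
        return CHECK_ENFORCED;
    if (is_root)                 /* rough proxy for holding CAP_NET_ADMIN */
        return INCONCLUSIVE;
    return CHECK_NOT_SEEN;       /* request was not stopped by a capability check */
}

/* Send a zero-length policy option; an empty buffer cannot describe a policy. */
enum verdict probe(int family, int level, int optname)
{
    int fd = socket(family, SOCK_DGRAM, 0);
    if (fd < 0)
        return INCONCLUSIVE;     /* address family unavailable */
    errno = 0;
    int rc = setsockopt(fd, level, optname, NULL, 0);
    int err = errno;
    close(fd);
    return classify(rc, err, geteuid() == 0);
}

int main(void)
{
    static const char *text[] = { "check enforced", "check not seen", "inconclusive" };
    printf("IPv4 IP_XFRM_POLICY:   %s\n", text[probe(AF_INET, IPPROTO_IP, IP_XFRM_POLICY)]);
    printf("IPv6 IPV6_XFRM_POLICY: %s\n", text[probe(AF_INET6, IPPROTO_IPV6, IPV6_XFRM_POLICY)]);
    return 0;
}
```

"check not seen" for an unprivileged caller means the request got past the point where the capability check belongs, so that kernel needs the fixes referenced above.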