| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 21 Aug 2012 14:53:38 -0700 (PDT) From: David Miller <davem@...emloft.net> To: eric.dumazet@...il.com Cc: netdev@...r.kernel.org, pmatouse@...hat.com, fweimer@...hat.com, pablo@...filter.org Subject: Re: [PATCH] af_netlink: force credentials passing [CVE-2012-3520] From: Eric Dumazet <eric.dumazet@...il.com> Date: Tue, 21 Aug 2012 18:21:17 +0200 > From: Eric Dumazet <edumazet@...gle.com> > > Pablo Neira Ayuso discovered that avahi and > potentially NetworkManager accept spoofed Netlink messages because of a > kernel bug. The kernel passes all-zero SCM_CREDENTIALS ancillary data > to the receiver if the sender did not provide such data, instead of not > including any such data at all or including the correct data from the > peer (as it is the case with AF_UNIX). > > This bug was introduced in commit 16e572626961 > (af_unix: dont send SCM_CREDENTIALS by default) > > This patch forces passing credentials for netlink, as > before the regression. > > Another fix would be to not add SCM_CREDENTIALS in > netlink messages if not provided by the sender, but it > might break some programs. > > With help from Florian Weimer & Petr Matousek > > This issue is designated as CVE-2012-3520 > > Signed-off-by: Eric Dumazet <edumazet@...gle.com> Applied and queued up for -stable, thanks Eric. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists