Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 432316 (CVE-2012-3520) - Kernel: Netlink Message Handling Privilege Escalation Vulnerability (CVE-2012-3520)
Summary: Kernel: Netlink Message Handling Privilege Escalation Vulnerability (CVE-2012...
Alias: CVE-2012-3520
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
Depends on:
Reported: 2012-08-22 15:37 UTC by Agostino Sarubbo
Modified: 2018-04-04 18:13 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-08-22 15:37:09 UTC
From secunia: 

A vulnerability has been reported in Linux Kernel, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The vulnerability is caused due to all-zero SCM_CREDENTIALS ancillary data being passed to a receiver in cases where the sender did not provide it. This can be exploited to spoof Netlink messages and perform certain actions with escalated privileges.

Fixed in the GIT repository.


af_netlink: force credentials passing [CVE-2012-3520]

Pablo Neira Ayuso discovered that avahi and
potentially NetworkManager accept spoofed Netlink messages because of a
kernel bug.  The kernel passes all-zero SCM_CREDENTIALS ancillary data
to the receiver if the sender did not provide such data, instead of not
including any such data at all or including the correct data from the
peer (as it is the case with AF_UNIX).

This bug was introduced in commit 16e572626961
(af_unix: dont send SCM_CREDENTIALS by default)

This patch forces passing credentials for netlink, as
before the regression.

Another fix would be to not add SCM_CREDENTIALS in
netlink messages if not provided by the sender, but it
might break some programs.

With help from Florian Weimer & Petr Matousek

This issue is designated as CVE-2012-3520
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 18:13:47 UTC
There are no longer any 2.x or <3.2.30 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.