508944 – (CVE-2014-0181) Kernel: incorrect netlink checks (CVE-2014-0181)

Bug 508944 (CVE-2014-0181) - Kernel: incorrect netlink checks (CVE-2014-0181)

Summary: Kernel: incorrect netlink checks (CVE-2014-0181)

Status:	RESOLVED FIXED

Alias:	CVE-2014-0181

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Kernel Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-04-28 09:18 UTC by Agostino Sarubbo
Modified:	2022-03-25 22:00 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2014-04-28 09:18:37 UTC

CVE-2014-0181 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0181):
  The Netlink implementation in the Linux kernel through 3.14.1 does not 
  provide a mechanism for authorizing socket operations based on the opener 
  of a socket, which allows local users to bypass intended access restrictions 
  and modify network configurations by using a Netlink socket for the (1) 
  stdout or (2) stderr of a setuid program.

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2014-08-10 22:02:56 UTC

CVE-2014-0181 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0181):
  The Netlink implementation in the Linux kernel through 3.14.1 does not
  provide a mechanism for authorizing socket operations based on the opener of
  a socket, which allows local users to bypass intended access restrictions
  and modify network configurations by using a Netlink socket for the (1)
  stdout or (2) stderr of a setuid program.

Comment 2 John Helmert III archtester

2022-03-25 22:00:27 UTC

Fix in 3.15 as 90f62cf30a78721641e08737bda787552428061e