U-242: Linux Kernel Netlink SCM_CREDENTIALS Processing Flaw Lets Local Users Gain Elevated Privileges

August 23, 2012 - 7:00am

PROBLEM:

Linux Kernel Netlink SCM_CREDENTIALS Processing Flaw Lets Local Users Gain Elevated Privileges

PLATFORM:

Linux Kernel 3.2.x
Linux Kernel 3.4.x
Linux Kernel 3.5.x

ABSTRACT:

A vulnerability was reported in the Linux Kernel.

reference LINKS:

The Linux Kernel Archives
SecurityTracker Alert ID: 1027434
Secunia Advisory SA50323
CVE-2012-3520

IMPACT ASSESSMENT:

Medium

Discussion:

A local user can obtain elevated privileges on the target system. A local user may be able to send specially crafted Netlink messages to spoof SCM_CREDENTIALS and perform actions with elevated privileges.

Impact:

A local user can obtain elevated privileges on the target system.

Solution:

The vendor has issued a fix.

Energy.gov

Office of the Chief Information Officer

Office of the Chief Information Officer

All Offices

You are here

U-242: Linux Kernel Netlink SCM_CREDENTIALS Processing Flaw Lets Local Users Gain Elevated Privileges

PROBLEM:

PLATFORM:

ABSTRACT:

reference LINKS:

IMPACT ASSESSMENT:

Discussion:

Impact:

Solution:

JC3 Contact:

Energy.gov

Energy.gov

Office of the Chief Information Officer

Search form

Office of the Chief Information Officer

All Offices

You are here

U-242: Linux Kernel Netlink SCM_CREDENTIALS Processing Flaw Lets Local Users Gain Elevated Privileges

Addthis

PROBLEM:

PLATFORM:

ABSTRACT:

reference LINKS:

IMPACT ASSESSMENT:

Discussion:

Impact:

Solution:

Addthis

Related Articles

JC3 Contact:

Energy.gov