SUSE CVE-2009-1184
The selinuxippostrouteiptablescompat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compatnet is enabled, omits calls to avchasperm for the 1 node and 2 port, which allows local users to bypass intended...