Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:13807
HistoryMay 02, 2019 - 4:41 a.m.

Netlink Messages Spoofing

2019-05-0204:41:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

JSON

kernel-rt is vulnerable to message spoofing. A flaw was found in the way Netlink messages without SCM_CREDENTIALS (used for authentication) data set were handled. When not explicitly set, the data was sent but with all values set to 0, including the process ID and user ID, causing the Netlink message to appear as if it were sent with root privileges. A local, unprivileged user could use this flaw to send spoofed Netlink messages to an application, possibly resulting in the application performing privileged operations if it relied on SCM_CREDENTIALS data for the authentication of Netlink messages.

References

Related

openvas 41
nessus 8
debiancve 1
ubuntucve 1
cve 1
seebug 1
prion 1
amazon 1
suse 1
fedora 17
redhat 1
ubuntu 2
openvas
openvas
Ubuntu Update for linux USN-1610-1
2012-10-16 00:00:00
Amazon Linux: Security Advisory (ALAS-2012-122)
2015-09-08 00:00:00
Ubuntu Update for linux-ti-omap4 USN-1599-1
2012-10-11 00:00:00
nessus
nessus
USN-1599-1 : linux-ti-omap4 vulnerability
2012-10-10 00:00:00
Amazon Linux AMI : kernel (ALAS-2012-122)
2013-09-04 00:00:00
Ubuntu 12.04 LTS : linux vulnerability (USN-1610-1)
2012-10-15 00:00:00
debiancve
debiancve
CVE-2012-3520
2012-10-03 11:02:00
ubuntucve
ubuntucve
CVE-2012-3520
2012-10-03 00:00:00
cve
cve
CVE-2012-3520
2012-10-03 11:02:00
seebug
seebug
Linux Kernel NetlinkζΆˆζ―ε€„η†ζœ¬εœ°ζƒι™ζε‡ζΌζ΄ž
2012-08-26 00:00:00
prion
prion
Code injection
2012-10-03 11:02:00
amazon
amazon
Medium: kernel
2012-09-10 17:56:00
suse
suse
kernel: security and bugfix update (important)
2012-10-12 16:08:23
fedora
fedora
[SECURITY] Fedora 17 Update: kernel-3.5.2-3.fc17
2012-08-22 21:02:48
[SECURITY] Fedora 17 Update: kernel-3.6.3-1.fc17
2012-10-28 00:51:48
[SECURITY] Fedora 17 Update: kernel-3.6.5-1.fc17
2012-11-06 08:01:47
redhat
redhat
(RHSA-2012:1491) Important: kernel-rt security and bug fix update
2012-12-04 00:00:00
ubuntu
ubuntu
Linux kernel (OMAP4) vulnerability
2012-10-09 00:00:00
Linux kernel vulnerability
2012-10-12 00:00:00

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

JSON
Related for VERACODE:13807
openvas41nessus8debiancve1ubuntucve1cve1seebug1prion1amazon1suse1fedora17redhat1ubuntu2