Date: Wed, 22 Aug 2012 09:20:26 +0200
From: Petr Matousek <>
Subject: CVE-2012-3520 kernel: af_netlink: invalid handling of

A flaw was found in the way Netlink messages without explicitly set
SCM_CREDENTIALS were delivered. The kernel passes all-zero
SCM_CREDENTIALS ancillary data to the receiver if the sender did not
provide such data, instead of including the correct data from the peer
(as it is the case with AF_UNIX). Programs that set SO_PASSCRED option
on the Netlink socket and rely on SCM_CREDENTIALS for authentication
might accept spoofed messages and perform privileged actions on behalf
of the unprivileged attacker.

Introduced in:;a=commit;h=16e572626961

Upstream fix:;a=commit;h=e0e3cea46d31


Red Hat would like to thank Pablo Neira Ayuso for reporting this

Petr Matousek / Red Hat Security Response Team
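
A receiver-side check for the situation the advisory describes, as an added example that is not part of the original message or of any affected program: it classifies a received Netlink message by both the kernel-supplied source address and the SCM_CREDENTIALS data, and refuses all-zero credentials that arrive from a userspace port. The acceptance policy (kernel or root-owned process only), the names `classify_sender`, `classify_sample` and `peer_cred`, and the sample port 4242 are assumptions.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#ifndef SCM_CREDENTIALS
#define SCM_CREDENTIALS 0x02 /* Linux value; glibc hides it without _GNU_SOURCE */
#endif
struct peer_cred { pid_t pid; uid_t uid; gid_t gid; }; /* same layout as struct ucred */
enum sender { SENDER_REJECT = 0, SENDER_KERNEL, SENDER_ROOT_PROCESS };

/* Classify a recvmsg() result from an SO_PASSCRED netlink socket (assumed policy). */
enum sender classify_sender(struct msghdr *msg)
{
    struct sockaddr_nl *src = msg->msg_name;
    struct peer_cred cred = { 0, 0, 0 };
    int have_cred = 0;
    if (!src || msg->msg_namelen != sizeof(*src) || src->nl_family != AF_NETLINK)
        return SENDER_REJECT;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c))
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_CREDENTIALS &&
            c->cmsg_len == CMSG_LEN(sizeof(cred))) {
            memcpy(&cred, CMSG_DATA(c), sizeof(cred));
            have_cred = 1;
        }
    if (!have_cred)
        return SENDER_REJECT;
    if (src->nl_pid == 0) /* port 0 is the kernel's own netlink address */
        return SENDER_KERNEL;
    /* All-zero creds from a userspace port: the flawed kernel's filler, not root. */
    if (cred.pid == 0)
        return SENDER_REJECT;
    return cred.uid == 0 ? SENDER_ROOT_PROCESS : SENDER_REJECT;
}

/* Constructed sample: build the msghdr that recvmsg() would have filled in. */
enum sender classify_sample(unsigned port, pid_t pid, uid_t uid)
{
    struct sockaddr_nl src = { .nl_family = AF_NETLINK, .nl_pid = port };
    union { char buf[CMSG_SPACE(sizeof(struct peer_cred))]; struct cmsghdr a; } u;
    struct peer_cred cred = { pid, uid, uid };
    struct msghdr msg = { .msg_name = &src, .msg_namelen = sizeof(src),
                          .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    memset(&u, 0, sizeof(u));
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_CREDENTIALS;
    c->cmsg_len = CMSG_LEN(sizeof(cred));
    memcpy(CMSG_DATA(c), &cred, sizeof(cred));
    return classify_sender(&msg);
}
int main(void) { return classify_sample(4242, 0, 0) == SENDER_REJECT ? 0 : 1; }
```

A receiver that only tested `uid == 0` would accept the second sample in the test below, which is the all-zero pattern the advisory describes.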
