You are here

U-242: Linux Kernel Netlink SCM_CREDENTIALS Processing Flaw Lets Local Users Gain Elevated Privileges

August 23, 2012 - 7:00am

Addthis

PROBLEM:

Linux Kernel Netlink SCM_CREDENTIALS Processing Flaw Lets Local Users Gain Elevated Privileges

PLATFORM:

Linux Kernel 3.2.x
Linux Kernel 3.4.x
Linux Kernel 3.5.x

ABSTRACT:

A vulnerability was reported in the Linux Kernel.

reference LINKS:

The Linux Kernel Archives
SecurityTracker Alert ID: 1027434
Secunia Advisory SA50323
CVE-2012-3520

IMPACT ASSESSMENT:

Medium

Discussion:

A local user can obtain elevated privileges on the target system. A local user may be able to send specially crafted Netlink messages to spoof SCM_CREDENTIALS and perform actions with elevated privileges.

Impact:

A local user can obtain elevated privileges on the target system.

Solution:

The vendor has issued a fix.

Addthis