Bug 105103 (CVE-2005-2555) - VUL-0: CVE-2005-2555: kernel: missing CAP_NET_ADMIN restrictions on socket policy access
Summary: VUL-0: CVE-2005-2555: kernel: missing CAP_NET_ADMIN restrictions on socket po...
Status: RESOLVED FIXED
Alias: CVE-2005-2555
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other All
: P5 - None : Normal
Target Milestone: ---
Assignee: Marcus Meissner
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2005-2555: CVSS v2 Base Score: 4....
Keywords:
Depends on:
Blocks:
 
Reported: 2005-08-17 06:54 UTC by Ludwig Nussel
Modified: 2021-12-07 16:02 UTC (History)
1 user (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
sockpolicy-restrict.patch (1.13 KB, patch)
2005-08-17 07:17 UTC, Marcus Meissner 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ludwig Nussel 2005-08-17 06:54:53 UTC 
We received the following report via vendor-sec.
The issue is public.

Date: Tue, 16 Aug 2005 22:04:54 +0200
From: Martin Pitt <martin.pitt@ubuntu.com>
To: Vendor Security <vendor-sec@lst.de>
Subject: [vendor-sec] Fwd: Re: CAN request for kernel priv escalation

Hi!

FYI.

Martin

----- Forwarded message from "Steven M. Christey" <coley@linus.mitre.org> -----

Date: Tue, 16 Aug 2005 13:16:56 -0400 (EDT)
From: "Steven M. Christey" <coley@linus.mitre.org>
To: Martin Pitt <martin.pitt@ubuntu.com>
Cc: cve@mitre.org
Subject: Re: CAN request for kernel priv escalation
X-Spam-Status: No, score=1.1 required=4.0 tests=AWL,BAYES_60 autolearn=no 
	version=3.0.3


On Tue, 16 Aug 2005, Martin Pitt wrote:

> While preparing updated kernels for CAN-2005-2456, Herbert Xu
> discovered that the setting of socket policies was not restricted at
> all:
>
> http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=6fc0b4a7a73a81e74d0004732df358f4f9975be2

Use CAN-2005-2555

======================================================
Candidate: CAN-2005-2555
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2555
Reference: CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6fc0b4a7a73a81e74d0004732df358f4f9975be2
Reference: CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=6fc0b4a7a73a81e74d0004732df358f4f9975be2

Linux kernel 2.6.x does not properly restrict socket policy access to
users with the CAP_NET_ADMIN capability, which could allow local users
to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2)
ipv6/ipv6_sockglue.c.



- Steve

----- End forwarded message -----

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org
Comment 1 Marcus Meissner 2005-08-17 07:17:22 UTC 
Created attachment 46233 [details]
sockpolicy-restrict.patch

git extract
Comment 2 Olaf Kirch 2005-08-17 09:14:30 UTC 
Karsten, can you apply this to all trees, please? Thanks!
Comment 3 Karsten Keil 2005-08-17 12:02:15 UTC 
All 2.6 trees I think, I did find the policy stuff in our 2.4 versions ?
Comment 4 Olaf Kirch 2005-08-17 12:07:40 UTC 
Right, none of this existed in 2.4
Comment 5 Karsten Keil 2005-08-17 12:51:31 UTC 
HEAD (SL10) - already here  
SLES9.SP3 - done  
SLES9.SP2/9.1 - done 
9.3 done 
9.2 done 
 
hope I didn't forgot one.
Comment 6 Karsten Keil 2005-08-17 15:20:16 UTC 
So my part is done.
Comment 7 Marcus Meissner 2005-08-19 09:00:21 UTC 
thanks!  
 
-> meissner for tracking
Comment 8 Marcus Meissner 2005-09-01 14:42:25 UTC 
updates released + advisory
Comment 9 Thomas Biege 2009-10-13 20:37:42 UTC 
CVE-2005-2555: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)