Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3520

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2012-3520
Last Modified 07 Mar 2013 12:00:00
Published 03 Oct 2012 07:02:57
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3520

Summary

The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager.

Vulnerable Systems

Operating System

  • Linux Kernel 2.3.2

  • Linux Kernel 2.3.20

  • Linux Kernel 2.3.21

  • Linux Kernel 2.3.22

  • Linux Kernel 2.3.23

  • Linux Kernel 2.3.24

  • Linux Kernel 2.3.25

  • Linux Kernel 2.3.26

  • Linux Kernel 2.3.27

  • Linux Kernel 2.3.28

  • Linux Kernel 2.3.29

  • Linux Kernel 2.4.33.2

  • Linux Kernel 2.6.13.2

  • Linux Kernel 2.6.23.2

  • Linux Kernel 2.6.33.2

  • Linux Kernel 2.6.33.20

  • Linux Kernel 3.2

  • Linux Kernel 3.2.1

  • Linux Kernel 3.2.10

  • Linux Kernel 3.2.11

  • Linux Kernel 3.2.12

  • Linux Kernel 3.2.13

  • Linux Kernel 3.2.14

  • Linux Kernel 3.2.15

  • Linux Kernel 3.2.16

  • Linux Kernel 3.2.17

  • Linux Kernel 3.2.18

  • Linux Kernel 3.2.19

  • Linux Kernel 3.2.2

  • Linux Kernel 3.2.20

  • Linux Kernel 3.2.21

  • Linux Kernel 3.2.22

  • Linux Kernel 3.2.23

  • Linux Kernel 3.2.24

  • Linux Kernel 3.2.25

  • Linux Kernel 3.2.26

  • Linux Kernel 3.2.27

  • Linux Kernel 3.2.28

  • Linux Kernel 3.2.29

  • Linux Kernel 3.2.3

  • Linux Kernel 3.2.4

  • Linux Kernel 3.2.5

  • Linux Kernel 3.2.6

  • Linux Kernel 3.2.7

  • Linux Kernel 3.2.8

  • Linux Kernel 3.2.9

  • Linux Kernel 3.3.2


References

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea

CONFIRM - https://github.com/torvalds/linux/commit/e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=850449

MLIST - [oss-security] 20120822 CVE-2012-3520 kernel: af_netlink: invalid handling of SCM_CREDENTIALS passing

CONFIRM - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30

UBUNTU - USN-1610-1

SUSE - openSUSE-SU-2012:1330

UBUNTU - USN-1599-1

BID - 55152

SECUNIA - 50848

SUSE - openSUSE-SU-2013:0261


Last Updated: 27 May 2016 11:02:22