Bug 893728 (CVE-2012-2669)

Summary: CVE-2012-2669 hypervkvpd: fails to check origin of netlink messages
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: thozza
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=low,public=20120508,reported=20120606,source=oss-security,cvss2=2.1/AV:L/AC:L/Au:N/C:N/I:P/A:N,rhel-5/hypervkvpd=notaffected,rhel-6/hypervkvpd=notaffected
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-01-09 14:14:09 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 877573    

Description Vincent Danen 2013-01-09 14:12:28 EST
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message.

This is similar to CVE-2012-5532 (see bug #877572 for some of the confusion that happened with regards to the two CVEs).

This is corrected upstream via:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bcc2c9c3fff859e0eb019fe6fec26f9b8eba795c

And the fixed code is present in hypervkvpd-0-0.7.el5 as provided by Red Hat Enterprise Linux 5.


Statement:

Not vulnerable. This issue did not affect the versions of hypvervkvpd as shipped with Red Hat Enterprise Linux 5.