A flaw was discovered where xfrm_user_policy was not protected by CAP_NET_ADMIN. A local unprivileged user could use this flaw to bypass or create IPsec policies. This is not believed to allow privilege escalation, but could lead to a denial of service (since there is no upper bound on creating policies). A fix was committed to 2.6 to correct this issue: http://linux.bkbits.net:8080/linux-2.6/cset@42f783aesxFQlEEg0e9GPi4oeVDHbA
Created attachment 117851: jwltest-sock-policy-cap.patch
Test kernels available here: http://people.redhat.com/linville/kernels/rhel4/ Test reports welcome... :-)
Created attachment 117854: jwltest-sock-policy-cap.patch
Should use the one generated for RHEL4...
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-514.html