Red Hat Bugzilla – Bug 166131
CAN-2005-2555 IPSEC lacks restrictions
Last modified: 2007-11-30 17:07:19 EST
A flaw was discovered where xfrm_user_policy was not protected by CAP_NET_ADMIN.
A local unprivileged user could use this flaw to bypass or create IPSEC
policies. This is not believed to allow privilege escalation, but could lead to
a denial of service (since there is no upper bounds on creating policies).
A fix was committed to 2.6 to correct this issue:
Created attachment 117851 [details]
Test kernels available here:
Test reports welcome... :-)
Created attachment 117854 [details]
Should use the one generated for RHEL4...
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.