Red Hat Bugzilla – Bug 166132
CVE-2005-2555 IPSEC lacks restrictions
Last modified: 2007-11-30 17:07:08 EST
This issue does not affect Linux 2.4 but affects Red Hat Enterprise Linux 3, as
it contains a backport of this functionality.
+++ This bug was initially created as a clone of Bug #166131 +++
A flaw was discovered where xfrm_user_policy was not protected by CAP_NET_ADMIN.
A local unprivileged user could use this flaw to bypass or create IPSEC
policies. This is not believed to allow privilege escalation, but could lead to
a denial of service (since there is no upper bound on creating policies).
A fix was committed to 2.6 to correct this issue:
Created attachment 117852
Test kernels available here:
Test reports welcome... :-)
Reverting to ASSIGNED state, since John has completed the testing.
I think that this is RHEL3 U6 respin material.
A fix for this problem has just been committed to the RHEL3 U6
patch pool this evening (in kernel version 2.4.21-35.EL).
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.