Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 848949 - (CVE-2012-6689) CVE-2012-6689 libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages
CVE-2012-6689 libmnl: incorrect validation of netlink message origin allows a...
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20150206,repor...
: Security
Depends On: 851148
Blocks: 848952
  Show dependency treegraph
 
Reported: 2012-08-16 18:26 EDT by Vincent Danen
Modified: 2015-03-02 06:14 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-02-08 04:16:49 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Vincent Danen 2012-08-16 18:26:29 EDT 
Florian Weimer of the Red Hat Product Security Team discovere that the mnl_nlmsg_portid_ok() function in libmnl 1.0.3 and earlier did not correctly validate the origin of a Netlink message, allowing local attackers to spoof Netlink messages, with context-dependent consequences.
Comment 1 Vincent Danen 2012-08-20 18:52:06 EDT 
This is currently being discussed here:

http://marc.info/?l=linux-netdev&m=134522422125983

but in the capacity of the kernel, not libmnl.
Comment 3 Florian Weimer 2015-02-08 04:16:49 EST 
This was fixed in the kernel, see bug 851968.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.