Vulnerabilities

CVE-2012-3520

by Fred · 03/10/2012

The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager.

Date published : 2012-10-03

http://www.securityfocus.com/bid/55152

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea

Similar

Tags: Cybersecurity Alert