CVE Vulnerabilities

CVE-2012-3520

Improper Authentication

Published: Oct 03, 2012 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
1.9 LOW
AV:L/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux 3.2.21 3.2.21
Linux_kernel Linux 2.3.21 2.3.21
Linux_kernel Linux 3.2.19 3.2.19
Linux_kernel Linux 3.2.23 3.2.23
Linux_kernel Linux 3.2.18 3.2.18
Linux_kernel Linux 3.2.5 3.2.5
Linux_kernel Linux 3.2.26 3.2.26
Linux_kernel Linux 2.3.28 2.3.28
Linux_kernel Linux * 3.2.29
Linux_kernel Linux 2.3.26 2.3.26
Linux_kernel Linux 3.2 3.2
Linux_kernel Linux 3.2.16 3.2.16
Linux_kernel Linux 3.2 3.2
Linux_kernel Linux 3.3.2 3.3.2
Linux_kernel Linux 3.2.27 3.2.27
Linux_kernel Linux 2.4.33.2 2.4.33.2
Linux_kernel Linux 2.3.27 2.3.27
Linux_kernel Linux 3.2 3.2
Linux_kernel Linux 2.6.13.2 2.6.13.2
Linux_kernel Linux 3.2.11 3.2.11
Linux_kernel Linux 2.3.24 2.3.24
Linux_kernel Linux 2.6.33.2 2.6.33.2
Linux_kernel Linux 3.2.10 3.2.10
Linux_kernel Linux 3.2.14 3.2.14
Linux_kernel Linux 3.2.25 3.2.25
Linux_kernel Linux 3.2.4 3.2.4
Linux_kernel Linux 2.3.29 2.3.29
Linux_kernel Linux 2.3.2 2.3.2
Linux_kernel Linux 3.2.9 3.2.9
Linux_kernel Linux 3.2.15 3.2.15
Linux_kernel Linux 3.2.20 3.2.20
Linux_kernel Linux 3.2.24 3.2.24
Linux_kernel Linux 2.6.33.20 2.6.33.20
Linux_kernel Linux 3.2.6 3.2.6
Linux_kernel Linux 2.3.23 2.3.23
Linux_kernel Linux 3.2.2 3.2.2
Linux_kernel Linux 2.3.22 2.3.22
Linux_kernel Linux 3.2 3.2
Linux_kernel Linux 3.2.13 3.2.13
Linux_kernel Linux 3.2.1 3.2.1
Linux_kernel Linux 3.2.7 3.2.7
Linux_kernel Linux 2.6.23.2 2.6.23.2
Linux_kernel Linux 2.3.20 2.3.20
Linux_kernel Linux 3.2.22 3.2.22
Linux_kernel Linux 2.3.25 2.3.25
Linux_kernel Linux 3.2 3.2
Linux_kernel Linux 3.2.17 3.2.17
Linux_kernel Linux 3.2 3.2
Linux_kernel Linux 3.2.8 3.2.8
Linux_kernel Linux 3.2 3.2
Linux_kernel Linux 3.2.12 3.2.12
Linux_kernel Linux 3.2.28 3.2.28
Linux_kernel Linux 3.2.3 3.2.3

Potential Mitigations

References