1.9

CVE-2012-3520

Exploit
The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 3.2.29
LinuxLinux Kernel Version2.3.2
LinuxLinux Kernel Version2.3.20
LinuxLinux Kernel Version2.3.21
LinuxLinux Kernel Version2.3.22
LinuxLinux Kernel Version2.3.23
LinuxLinux Kernel Version2.3.24
LinuxLinux Kernel Version2.3.25
LinuxLinux Kernel Version2.3.26
LinuxLinux Kernel Version2.3.27
LinuxLinux Kernel Version2.3.28
LinuxLinux Kernel Version2.3.29
LinuxLinux Kernel Version2.4.33.2
LinuxLinux Kernel Version2.6.13.2
LinuxLinux Kernel Version2.6.23.2
LinuxLinux Kernel Version2.6.33.2
LinuxLinux Kernel Version2.6.33.20
LinuxLinux Kernel Version3.2
LinuxLinux Kernel Version3.2 Updaterc2
LinuxLinux Kernel Version3.2 Updaterc3
LinuxLinux Kernel Version3.2 Updaterc4
LinuxLinux Kernel Version3.2 Updaterc5
LinuxLinux Kernel Version3.2 Updaterc6
LinuxLinux Kernel Version3.2 Updaterc7
LinuxLinux Kernel Version3.2.1
LinuxLinux Kernel Version3.2.2
LinuxLinux Kernel Version3.2.3
LinuxLinux Kernel Version3.2.4
LinuxLinux Kernel Version3.2.5
LinuxLinux Kernel Version3.2.6
LinuxLinux Kernel Version3.2.7
LinuxLinux Kernel Version3.2.8
LinuxLinux Kernel Version3.2.9
LinuxLinux Kernel Version3.2.10
LinuxLinux Kernel Version3.2.11
LinuxLinux Kernel Version3.2.12
LinuxLinux Kernel Version3.2.13
LinuxLinux Kernel Version3.2.14
LinuxLinux Kernel Version3.2.15
LinuxLinux Kernel Version3.2.16
LinuxLinux Kernel Version3.2.17
LinuxLinux Kernel Version3.2.18
LinuxLinux Kernel Version3.2.19
LinuxLinux Kernel Version3.2.20
LinuxLinux Kernel Version3.2.21
LinuxLinux Kernel Version3.2.22
LinuxLinux Kernel Version3.2.23
LinuxLinux Kernel Version3.2.24
LinuxLinux Kernel Version3.2.25
LinuxLinux Kernel Version3.2.26
LinuxLinux Kernel Version3.2.27
LinuxLinux Kernel Version3.2.28
LinuxLinux Kernel Version3.3.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.341
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:N/I:P/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea
http://lists.opensuse.org/opensuse-updates/2013-02/msg00018.html
http://secunia.com/advisories/50848
http://www.openwall.com/lists/oss-security/2012/08/22/1
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/55152
http://www.ubuntu.com/usn/USN-1599-1
http://www.ubuntu.com/usn/USN-1610-1
https://bugzilla.redhat.com/show_bug.cgi?id=850449
https://github.com/torvalds/linux/commit/e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea
Exploit