CVE-2012-3520

Bug #1052602 reported by John Johansen
This bug report is a duplicate of: Bug #1052097: CVE-2012-3520.
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
| --- | --- | --- | --- | --- |
| linux (Ubuntu) | Invalid | High | Unassigned | |
| Hardy | Invalid | High | Unassigned | |
| Lucid | Invalid | High | Unassigned | |
| Natty | Invalid | High | Unassigned | |
| Oneiric | Invalid | High | Unassigned | |
| Precise | Fix Committed | High | Unassigned | |
| Quantal | Invalid | High | Unassigned | |
| linux-armadaxp (Ubuntu) | Fix Committed | High | Unassigned | |
| Hardy | Invalid | High | Unassigned | |
| Lucid | Invalid | High | Unassigned | |
| Natty | Invalid | High | Unassigned | |
| Oneiric | Invalid | High | Unassigned | |
| Precise | Fix Committed | High | Unassigned | |
| Quantal | Fix Committed | High | Unassigned | |
| linux-ec2 (Ubuntu) | Invalid | High | Unassigned | |
| Hardy | Invalid | High | Unassigned | |
| Lucid | Invalid | High | Unassigned | |
| Natty | Invalid | High | Unassigned | |
| Oneiric | Invalid | High | Unassigned | |
| Precise | Invalid | High | Unassigned | |
| Quantal | Invalid | High | Unassigned | |
| linux-fsl-imx51 (Ubuntu) | Invalid | High | Unassigned | |
| Hardy | Invalid | High | Unassigned | |
| Lucid | Invalid | High | Unassigned | |
| Natty | Invalid | High | Unassigned | |
| Oneiric | Invalid | High | Unassigned | |
| Precise | Invalid | High | Unassigned | |
| Quantal | Invalid | High | Unassigned | |
| linux-lts-backport-maverick (Ubuntu) | Invalid | High | Unassigned | |
| Hardy | Invalid | High | Unassigned | |
| Lucid | Invalid | High | Unassigned | |
| Natty | Invalid | High | Unassigned | |
| Oneiric | Invalid | High | Unassigned | |
| Precise | Invalid | High | Unassigned | |
| Quantal | Invalid | High | Unassigned | |
| linux-lts-backport-natty (Ubuntu) | Invalid | High | Unassigned | |
| Hardy | Invalid | High | Unassigned | |
| Lucid | Invalid | High | Unassigned | |
| Natty | Invalid | High | Unassigned | |
| Oneiric | Invalid | High | Unassigned | |
| Precise | Invalid | High | Unassigned | |
| Quantal | Invalid | High | Unassigned | |
| linux-lts-backport-oneiric (Ubuntu) | Invalid | High | Unassigned | |
| Hardy | Invalid | High | Unassigned | |
| Lucid | Invalid | High | Unassigned | |
| Natty | Invalid | High | Unassigned | |
| Oneiric | Invalid | High | Unassigned | |
| Precise | Invalid | High | Unassigned | |
| Quantal | Invalid | High | Unassigned | |
| linux-mvl-dove (Ubuntu) | Invalid | High | Unassigned | |
| Hardy | Invalid | High | Unassigned | |
| Lucid | Invalid | High | Unassigned | |
| Natty | Invalid | High | Unassigned | |
| Oneiric | Invalid | High | Unassigned | |
| Precise | Invalid | High | Unassigned | |
| Quantal | Invalid | High | Unassigned | |
| linux-ti-omap4 (Ubuntu) | Invalid | High | Unassigned | |
| Hardy | Invalid | High | Unassigned | |
| Lucid | Invalid | High | Unassigned | |
| Natty | Invalid | High | Unassigned | |
| Oneiric | Invalid | High | Unassigned | |
| Precise | Fix Committed | High | Unassigned | |
| Quantal | Invalid | High | Unassigned | |

Bug Description

Pablo Neira Ayuso discovered that avahi and potentially NetworkManager accept spoofed Netlink messages because of a kernel bug. The kernel passes all-zero SCM_CREDENTIALS ancillary data to the receiver if the sender did not provide such data, instead of not including any such data at all or including the correct data from the peer (as is the case with AF_UNIX).

Break-Fix: 16e5726269611b71c930054ffe9b858c1cea88eb e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea
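
A receiver-side view of the condition described above, as an added example that is not code from this report, the kernel, avahi or NetworkManager: a check that trusts pid 0 / uid 0 credentials alone accepts the all-zero SCM_CREDENTIALS data, while a check that also requires the Netlink source address to be the kernel's port (`nl_pid == 0`) rejects it. It assumes the receiver uses `recvmsg()` with `msg_name` set; `struct creds`, `creds_look_like_kernel`, `from_kernel` and `check_sample` are hypothetical names, and the sample message is constructed.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>

#ifndef SCM_CREDENTIALS          /* glibc exposes it only with _GNU_SOURCE */
#define SCM_CREDENTIALS 0x02
#endif
struct creds { pid_t pid; uid_t uid; gid_t gid; };  /* same layout as struct ucred */

/* Copy the SCM_CREDENTIALS payload of a received message into *out. */
static int get_creds(struct msghdr *msg, struct creds *out)
{
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c))
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_CREDENTIALS &&
            c->cmsg_len >= CMSG_LEN(sizeof(*out))) {
            memcpy(out, CMSG_DATA(c), sizeof(*out));
            return 1;
        }
    return 0;
}

/* Weak check: trusts pid 0 / uid 0 credentials, which all-zero data satisfies. */
int creds_look_like_kernel(struct msghdr *msg)
{
    struct creds u;
    return get_creds(msg, &u) && u.pid == 0 && u.uid == 0;
}

/* Stricter check: the source address must also be the kernel's port (nl_pid 0). */
int from_kernel(struct msghdr *msg)
{
    const struct sockaddr_nl *src = msg->msg_name;
    if (!src || msg->msg_namelen != sizeof(*src)) return 0;
    if (src->nl_family != AF_NETLINK || src->nl_pid != 0) return 0;
    return creds_look_like_kernel(msg);
}

/* Constructed sample: all-zero credentials arriving from netlink port `portid`. */
int check_sample(unsigned portid, int strict)
{
    union { char buf[CMSG_SPACE(sizeof(struct creds))]; struct cmsghdr align; } ctl = {0};
    struct sockaddr_nl src = { .nl_family = AF_NETLINK, .nl_pid = portid };
    struct msghdr msg = { .msg_name = &src, .msg_namelen = sizeof(src),
                          .msg_control = ctl.buf, .msg_controllen = sizeof(ctl.buf) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_CREDENTIALS;
    c->cmsg_len = CMSG_LEN(sizeof(struct creds));   /* payload stays zeroed */
    return strict ? from_kernel(&msg) : creds_look_like_kernel(&msg);
}
```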

John Johansen (jjohansen) wrote :

CVE-2012-3520

tags: added: kernel-cve-tracking-bug
security vulnerability: no → yes
Changed in linux-armadaxp (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Hardy):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Natty):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Natty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Committed
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Natty):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Natty):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
importance: Undecided → High
Changed in linux-lts-backport-natty (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-backport-natty (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-lts-backport-natty (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-lts-backport-natty (Ubuntu Natty):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Natty):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Natty):
importance: Undecided → High
Changed in linux (Ubuntu Precise):
status: New → Fix Committed
importance: Undecided → High
Changed in linux (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → High
Changed in linux (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux (Ubuntu Quantal):
status: New → Invalid
importance: Undecided → High
Changed in linux (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → High
Changed in linux (Ubuntu Natty):
status: New → Invalid
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Fix Committed
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: New → Invalid
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Natty):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Natty):
importance: Undecided → High
description: updated
This report contains Public Security information  
Everyone can see this security related information.
