• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Linux Kernel IPSec Policies Authorization Bypass Vulnerability

Severity: MODERATE

Description:

Linux Kernel is prone to an authorization-bypass vulnerability. The application fails to perform proper authorization before permitting access to the 'setsockopt()' function.

Successful exploitation will permit a local attacker to bypass intended IPSec policies, set invalid policies, and cause a denial of service when adding policies until kernel memory is exhausted.

This issue has been addressed by restricting access to the affected script to processes with the 'CAP_NET_ADMIN' capability.

Note that an attacker can use this vulnerability to enhance the exploitation of BID 14477 (Linux Kernel XFRM Array Index Buffer Overflow Vulnerability); that issue requires the ability to add IPSec policies.

Affected Products:

• Conectiva Linux 10.0.0
• Debian Linux 3.1.0
• Debian Linux 3.1.0 alpha
• Debian Linux 3.1.0 amd64
• Debian Linux 3.1.0 arm
• Debian Linux 3.1.0 hppa
• Debian Linux 3.1.0 ia-32
• Debian Linux 3.1.0 ia-64
• Debian Linux 3.1.0 m68k
• Debian Linux 3.1.0 mips
• Debian Linux 3.1.0 mipsel
• Debian Linux 3.1.0 ppc
• Debian Linux 3.1.0 s/390
• Debian Linux 3.1.0 sparc
• Linux kernel 2.6.0
• Linux kernel 2.6.0 -test1
• Linux kernel 2.6.0 -test10
• Linux kernel 2.6.0 -test11
• Linux kernel 2.6.0 -test2
• Linux kernel 2.6.0 -test3
• Linux kernel 2.6.0 -test4
• Linux kernel 2.6.0 -test5
• Linux kernel 2.6.0 -test6
• Linux kernel 2.6.0 -test7
• Linux kernel 2.6.0 -test8
• Linux kernel 2.6.0 -test9
• Linux kernel 2.6.0 -test9-CVS
• Linux kernel 2.6.0 .10
• Linux kernel 2.6.1
• Linux kernel 2.6.1 -rc1
• Linux kernel 2.6.1 -rc2
• Linux kernel 2.6.10
• Linux kernel 2.6.10 rc2
• Linux kernel 2.6.11
• Linux kernel 2.6.11 -rc2
• Linux kernel 2.6.11 -rc3
• Linux kernel 2.6.11 -rc4
• Linux kernel 2.6.11 .11
• Linux kernel 2.6.11 .5
• Linux kernel 2.6.11 .6
• Linux kernel 2.6.11 .7
• Linux kernel 2.6.11 .8
• Linux kernel 2.6.12 -rc1
• Linux kernel 2.6.12 -rc4
• Linux kernel 2.6.12 .1
• Linux kernel 2.6.2
• Linux kernel 2.6.3
• Linux kernel 2.6.4
• Linux kernel 2.6.5
• Linux kernel 2.6.6
• Linux kernel 2.6.6 rc1
• Linux kernel 2.6.7
• Linux kernel 2.6.7 rc1
• Linux kernel 2.6.8
• Linux kernel 2.6.8 rc1
• Linux kernel 2.6.8 rc2
• Linux kernel 2.6.8 rc3
• Linux kernel 2.6.9
• MandrakeSoft Corporate Server 3.0.0
• MandrakeSoft Corporate Server 3.0.0 x86_64
• MandrakeSoft Linux Mandrake 10.1.0
• MandrakeSoft Linux Mandrake 10.1.0 x86_64
• MandrakeSoft Multi Network Firewall 2.0.0
• RedHat Desktop 3.0.0
• RedHat Desktop 4.0.0
• RedHat Enterprise Linux AS 3
• RedHat Enterprise Linux AS 4
• RedHat Enterprise Linux ES 3
• RedHat Enterprise Linux ES 4
• RedHat Enterprise Linux WS 3
• RedHat Enterprise Linux WS 4
• RedHat Fedora Core2
• RedHat Fedora Core3
• RedHat Fedora Core4
• S.u.S.E. Linux Enterprise Server 9
• S.u.S.E. Linux Personal 9.1.0
• S.u.S.E. Linux Personal 9.1.0 x86_64
• S.u.S.E. Linux Personal 9.2.0
• S.u.S.E. Linux Personal 9.2.0 x86_64
• S.u.S.E. Linux Personal 9.3.0
• S.u.S.E. Linux Personal 9.3.0 x86_64
• S.u.S.E. Linux Professional 9.1.0
• S.u.S.E. Linux Professional 9.1.0 x86_64
• S.u.S.E. Linux Professional 9.2.0
• S.u.S.E. Linux Professional 9.2.0 x86_64
• S.u.S.E. Linux Professional 9.3.0
• S.u.S.E. Linux Professional 9.3.0 x86_64
• S.u.S.E. Novell Linux Desktop 9.0.0
• Trustix Secure Linux 3.0.0
• Ubuntu Ubuntu Linux 4.1.0 ia32
• Ubuntu Ubuntu Linux 4.1.0 ia64
• Ubuntu Ubuntu Linux 4.1.0 ppc
• Ubuntu Ubuntu Linux 5.0.0 4 amd64
• Ubuntu Ubuntu Linux 5.0.0 4 i386
• Ubuntu Ubuntu Linux 5.0.0 4 powerpc

References:

• Herbert Xu <herbert@gondor.apana.org.au>: [IPSEC]: Restrict socket policy loading to CAP_NET_ADMIN.
• RedHat: RHSA-2005:514-44 - Updated kernel packages available for Red Hat Enterprise Linu
• RedHat: RHSA-2005:663-19 - Updated kernel packages available for Red Hat Enterprise Linu
• kernel.org: Linux v2.6.13-rc7

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.