National Cyber Awareness System

Vulnerability Summary for CVE-2005-2555

Overview

Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c.

Impact

CVSS Severity (version 2.0 incomplete approximation):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: VUPEN

Name: ADV-2005-1878

Hyperlink:http://www.vupen.com/english/advisories/2005/1878

External Source: MANDRAKE

Name: MDKSA-2005:219

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2005:219

External Source: CONFIRM

Name: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6fc0b4a7a73a81e74d0004732df358f4f9975be2

Hyperlink:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6fc0b4a7a73a81e74d0004732df358f4f9975be2

External Source: OVAL

Name: oval:org.mitre.oval:def:10444

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10444

External Source: UBUNTU

Name: USN-169-1

Hyperlink:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1

External Source: BID

Name: 14609

Hyperlink:http://www.securityfocus.com/bid/14609

External Source: FEDORA

Name: FLSA:157459-3

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/427980/100/0/threaded

External Source: REDHAT

Name: RHSA-2005:663

Hyperlink:http://www.redhat.com/support/errata/RHSA-2005-663.html

External Source: REDHAT

Name: RHSA-2005:514

Hyperlink:http://www.redhat.com/support/errata/RHSA-2005-514.html

External Source: SUSE

Name: SUSE-SA:2005:050

Hyperlink:http://www.novell.com/linux/security/advisories/2005_50_kernel.html

External Source: MANDRAKE

Name: MDKSA-2005:219

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2005:219

External Source: MANDRAKE

Name: MDKSA-2005:218

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2005:218

External Source: DEBIAN

Name: DSA-1018

Hyperlink:http://www.debian.org/security/2006/dsa-1018

External Source: DEBIAN

Name: DSA-1017

Hyperlink:http://www.debian.org/security/2006/dsa-1017

External Source: SECUNIA

Name: 19374

Hyperlink:http://secunia.com/advisories/19374

External Source: SECUNIA

Name: 19369

Hyperlink:http://secunia.com/advisories/19369

External Source: SECUNIA

Name: 17826

Hyperlink:http://secunia.com/advisories/17826

External Source: SECUNIA

Name: 17073

Hyperlink:http://secunia.com/advisories/17073

External Source: SECUNIA

Name: 17002

Hyperlink:http://secunia.com/advisories/17002

References to Check Content

Identifier:oval:org.mitre.oval:def:10444

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10444