製品・ソフトウェアに関する情報

JVN脆弱性詳細

Linux Kernel の Netlink の実装におけるアクセス制限を回避される脆弱性

Title	Linux Kernel の Netlink の実装におけるアクセス制限を回避される脆弱性
Summary	Linux Kernel の Netlink の実装は、ソケットの開放に基づいてソケット操作を認証するメカニズムを提供しないため、アクセス制限を回避され、ネットワークの設定を変更される脆弱性が存在します。
Possible impacts	ローカルユーザにより、setuid プログラムの (1) stdout または (2) stderr に Netlink ソケットを使用されることで、アクセス制限を回避され、ネットワークの設定を変更される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 24, 2014, midnight
Registration Date	April 30, 2014, 4:08 p.m.
Last Update	Dec. 18, 2014, 6:05 p.m.

CVSS2.0 : 注意
Score	2.1
Vector	AV:L/AC:L/Au:N/C:N/I:P/A:N

Affected System

Linux

Linux Kernel 3.14.1 まで

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-0181	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181
National Vulnerability Database (NVD)
2	CVE-2014-0181	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0181

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
kernel.org
1	commit 47026b1fcb6328417277bb3a61b055f138d29eda	https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9
2	commit 7ab9233c18a4413c7db130c96aa16fae89e06547	https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45
Linux Kernel
3	Linux Kernel Archives	http://www.kernel.org
Linux kernel source tree
4	net: Use netlink_ns_capable to verify the permisions of netlink messages	https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e
Red Hat Security Advisory
5	RHSA-2014:1959	https://rhn.redhat.com/errata/RHSA-2014-1959.html

Change Log

No	Changed Details	Date of change
0	[2014年04月30日] 掲載 [2014年12月18日] ベンダ情報：レッドハット (RHSA-2014:1959) を追加ベンダ情報：kernel.org (commit 47026b1fcb6328417277bb3a61b055f138d29eda) を追加ベンダ情報：kernel.org (commit 7ab9233c18a4413c7db130c96aa16fae89e06547) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2014-0181

Summary	The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.
Publication Date	April 27, 2014, 9:55 a.m.
Registration Date	Jan. 26, 2021, 3:04 p.m.
Last Update	Nov. 21, 2024, 11:01 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::			3.14.1

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss:::*
cpe:2.3:o:opensuse:evergreen:11.4:::::::*
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3::::::
cpe:2.3:o:redhat:enterprise_linux_desktop:5:::::::*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::ltss:::*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html	Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html	Third Party Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html	Third Party Advisory
4	http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html	Third Party Advisory
5	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html	Third Party Advisory
6	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html	Third Party Advisory
7	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html	Third Party Advisory
8	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html	Third Party Advisory
9	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html	Third Party Advisory
10	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html	Third Party Advisory
11	http://marc.info/?l=linux-netdev&m=139828832919748&w=2	Third Party Advisory
12	http://marc.info/?l=linux-netdev&m=139828832919748&w=2	Third Party Advisory
13	http://rhn.redhat.com/errata/RHSA-2014-1959.html	Third Party Advisory
14	http://rhn.redhat.com/errata/RHSA-2014-1959.html	Third Party Advisory
15	http://www.openwall.com/lists/oss-security/2014/04/23/6	Mailing List Third Party Advisory
16	http://www.openwall.com/lists/oss-security/2014/04/23/6	Mailing List Third Party Advisory
17	http://www.openwall.com/lists/oss-security/2023/04/16/3
18	http://www.openwall.com/lists/oss-security/2023/04/16/3
19	https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e	Patch Vendor Advisory
20	https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e	Patch Vendor Advisory
21	https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45	Release Notes Vendor Advisory
22	https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45	Release Notes Vendor Advisory
23	https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9	Release Notes Vendor Advisory
24	https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9	Release Notes Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss:::*
cpe:2.3:o:opensuse:evergreen:11.4:::::::*
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3::::::
cpe:2.3:o:redhat:enterprise_linux_desktop:5:::::::*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::ltss:::*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:::::::*