Bugzilla – Bug 570606
VUL-1: CVE-2010-0007: kernel: ebtables perm check
Last modified: 2019-07-10 15:31:58 UTC
Your friendly security team received the following report via oss-security. Please respond ASAP. The issue is public. CVE-2010-0007 Date: Wed, 13 Jan 2010 17:54:51 -0700 From: dann frazier <dannf@dannf.org> To: oss-security@lists.openwall.com Subject: [oss-security] CVE Request: kernel ebtables perm check CC: fwestphal@astaro.com, kaber@trash.net Has a CVE been assigned for this issue yet? commit dce766af541f6605fa9889892c0280bab31c66ab Author: Florian Westphal <fwestphal@astaro.com> Date: Fri Jan 8 17:31:24 2010 +0100 netfilter: ebtables: enforce CAP_NET_ADMIN normal users are currently allowed to set/modify ebtables rules. Restrict it to processes with CAP_NET_ADMIN. Note that this cannot be reproduced with unmodified ebtables binary because it uses SOCK_RAW. Signed-off-by: Florian Westphal <fwestphal@astaro.com> Cc: stable@kernel.org Signed-off-by: Patrick McHardy <kaber@trash.net>
*** Bug 570602 has been marked as a duplicate of this bug. ***
code seems to be from around 2005, so sles10 *, sles11 *, moblin, slert, opensuse 11.0, 11.2. nbot sure on how to inject ctls there and if normal users can do it.
SLES9 SP4 as well. As an aside, we haven't shipped the ebtables userspace with any enterprise release.
Applied to SLES9 SP4, SLES10 SP3, openSUSE 11.0, SLE11, openSUSE 11.2, and master. Bouncing to Greg for Moblin.
A kernel update for SLES 10 SP3 has just been released that mentions/fixes this bug. The released kernel version is 2.6.16.60-0.59.1.
Fixed for MOBLIN_21
Now checked in for MOBLIN_20 kernel
Update released for: kernel-debug, kernel-debug-base, kernel-debug-base-debuginfo, kernel-debug-debuginfo, kernel-debug-debugsource, kernel-debug-devel, kernel-debug-devel-debuginfo, kernel-default, kernel-default-base, kernel-default-base-debuginfo, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-desktop, kernel-desktop-base, kernel-desktop-base-debuginfo, kernel-desktop-debuginfo, kernel-desktop-debugsource, kernel-desktop-devel, kernel-desktop-devel-debuginfo, kernel-pae, kernel-pae-base, kernel-pae-base-debuginfo, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-base-debuginfo, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-vanilla, kernel-vanilla-base, kernel-vanilla-base-debuginfo, kernel-vanilla-debuginfo, kernel-vanilla-debugsource, kernel-vanilla-devel, kernel-vanilla-devel-debuginfo, kernel-xen, kernel-xen-base, kernel-xen-base-debuginfo, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, preload-kmp-default, preload-kmp-desktop Products: openSUSE 11.2 (debug, i586, x86_64)
Update released for: kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-extra, kernel-source, kernel-source-debuginfo, samsung-atheros-kmp-default Products: SUSE-MOBLIN 2.0 (i386) SUSE-MOBLIN 2.0-DEBUG (i386) SUSE-MOBLIN-SAMSUNG 2.0 (i386)
Update released for: acerhk-kmp-debug, acx-kmp-debug, appleir-kmp-debug, at76_usb-kmp-debug, atl2-kmp-debug, aufs-kmp-debug, dazuko-kmp-debug, drbd-kmp-debug, gspcav-kmp-debug, iscsitarget-kmp-debug, ivtv-kmp-debug, kernel-debug, kernel-default, kernel-docs, kernel-kdump, kernel-pae, kernel-ppc64, kernel-ps3, kernel-source, kernel-syms, kernel-vanilla, kernel-xen, kqemu-kmp-debug, nouveau-kmp-debug, omnibook-kmp-debug, pcc-acpi-kmp-debug, pcfclock-kmp-debug, tpctl-kmp-debug, uvcvideo-kmp-debug, virtualbox-ose-kmp-debug, vmware-kmp-debug, wlan-ng-kmp-debug Products: openSUSE 11.0 (debug, i386, ppc, x86_64)
We just released a kernel update for SLES 9 that mentions/fixes this bug. The released kernel version is 2.6.5-7.322.
Update released for: kernel-s390x, kernel-s390x-debug, kernel-source, kernel-syms, um-host-kernel, kernel-update.ycp, install-kernel-non-interactive.sh Products: SUSE-CORE 9 (s390x)
Update released for: kernel-default, kernel-default-debug, kernel-iseries64, kernel-iseries64-debug, kernel-pmac64, kernel-pmac64-debug, kernel-pseries64, kernel-pseries64-debug, kernel-smp, kernel-smp-debug, kernel-source, kernel-syms, um-host-kernel, kernel-update.ycp, install-kernel-non-interactive.sh Products: SUSE-CORE 9 (ppc)
Update released for: kernel-bigsmp, kernel-bigsmp-debug, kernel-debug, kernel-debug-debug, kernel-default, kernel-default-debug, kernel-smp, kernel-smp-debug, kernel-source, kernel-syms, kernel-um, kernel-um-debug, kernel-xen, kernel-xen-debug, kernel-xenpae, kernel-xenpae-debug, um-host-install-initrd, um-host-kernel, xen-kmp, kernel-update.ycp, install-kernel-non-interactive.sh Products: Novell-Linux-POS 9 (i386) SUSE-CORE 9 (i386)
Update released for: kernel-64k-pagesize, kernel-64k-pagesize-debug, kernel-debug, kernel-debug-debug, kernel-default, kernel-default-debug, kernel-sn2, kernel-sn2-debug, kernel-source, kernel-syms, um-host-kernel, kernel-update.ycp, install-kernel-non-interactive.sh Products: SUSE-CORE 9 (ia64)
Update released for: kernel-s390, kernel-s390-debug, kernel-source, kernel-syms, um-host-kernel, kernel-update.ycp, install-kernel-non-interactive.sh Products: SUSE-CORE 9 (s390)
Update released for: kernel-default, kernel-default-debug, kernel-smp, kernel-smp-debug, kernel-source, kernel-syms, kernel-xen, kernel-xen-debug, um-host-kernel, xen-kmp, kernel-update.ycp, install-kernel-non-interactive.sh Products: SUSE-CORE 9 (x86_64)
close it as it is in all branches.
Update released for: kernel-bigsmp, kernel-bigsmp-debug, kernel-debug, kernel-debug-debug, kernel-default, kernel-default-debug, kernel-smp, kernel-smp-debug, kernel-source, kernel-syms, kernel-um, kernel-um-debug, kernel-xen, kernel-xen-debug, kernel-xenpae, kernel-xenpae-debug, um-host-install-initrd, um-host-kernel, xen-kmp Products: Open-Enterprise-Server 9 (i386)
Update released for: kernel-debug, kernel-debug-base, kernel-debug-debuginfo, kernel-debug-debugsource, kernel-debug-extra, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-extra, kernel-docs, kernel-kdump, kernel-kdump-debuginfo, kernel-kdump-debugsource, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-extra, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-extra, kernel-ps3, kernel-ps3-debuginfo, kernel-ps3-debugsource, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-extra, kernel-vanilla, kernel-vanilla-debuginfo, kernel-vanilla-debugsource, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-extra Products: openSUSE 11.1 (debug, i586, ppc, x86_64)
Update released for: cluster-network-kmp-default, ext4dev-kmp-default, ext4dev-kmp-ppc64, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-extra, kernel-kdump, kernel-kdump-debuginfo, kernel-kdump-debugsource, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-extra, kernel-source, kernel-source-debuginfo, kernel-syms Products: SLE-DEBUGINFO 11 (ppc64) SLE-HAE 11 (ppc64) SLE-SERVER 11 (ppc64)
We have released a kernel update for SUSE Linux Enterprise 11 that mentions/fixes this bug. The released version is 2.6.27.45-0.1.1.