The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic. NOTE: this was incorrectly reported as an issue fixed in 2.6.27.21.
No CVSS v3.1
No CVSS v3.0
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
AV:L/AC:M/Au:N/C:P/I:P/A:P
Vendors | Products |
---|---|
Linux |
|
Configuration 1 [-]
|
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2009-05-05T20:00:00
Updated: 2009-05-23T09:00:00
Reserved: 2009-03-31T00:00:00
Link: CVE-2009-1184
JSON object: View
NVD Information
Status : Modified
Published: 2009-05-05T20:30:00.187
Modified: 2023-11-07T02:03:50.530
Link: CVE-2009-1184
JSON object: View
Redhat Information
No data.
CWE