MNBSD-2013-4: Insufficient credential checks in network interface ioctl handling (ifioctl)

Severity: Unknown

Affected Package: kernel

Summary: Insufficient credential checks in network interface ioctl handling (ifioctl)

Description

The IPv6 and ATM network-layer ioctl handlers pass unrecognized requests to the link layer, but network interface drivers assume SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK were already validated and therefore skip input validation and credential checks. An unprivileged user can trigger link-layer actions (marking an interface up, resetting hardware) or panic the kernel via a crafted address structure. Patch obtained from FreeBSD.

Affected Versions

kernel

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2013-5691

Published: September 10, 2013
Last Modified: September 10, 2013