CVE-2010-2522 Information

Description

The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel which allows local users to spoof netlink socket communication via a crafted unicast message.

Reference

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://marc.info/?l=oss-security&m=127850299910685&w=2 http://marc.info/?l=oss-security&m=127859390815405&w=2 http://www.openwall.com/lists/oss-security/2010/07/06/5 http://www.openwall.com/lists/oss-security/2010/07/07/4 http://www.openwall.com/lists/oss-security/2010/07/09/1 http://www.securityfocus.com/bid/41524