CVE-2012-3520 kernel: af_netlink: invalid handling of SCM_CREDENTIALS passing

[Petr Matousek <pmatouse () redhat com>]

A flaw was found in the way Netlink messages without explicitly set
SCM_CREDENTIALS were delivered. The kernel passes all-zero
SCM_CREDENTIALS ancillary data to the receiver if the sender did not
provide such data, instead of including the correct data from the peer
(as it is the case with AF_UNIX). Programs that set SO_PASSCRED option
on the Netlink socket and rely on SCM_CREDENTIALS for authentication
might accept spoofed messages and perform privileged actions on behalf
of the unprivileged attacker.

Introduced in:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=16e572626961

Upstream fix:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=e0e3cea46d31

Acknowledgements:

Red Hat would like to thank Pablo Neira Ayuso for for reporting this
issue.

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team