CVE-2009-1184

Publication date 5 May 2009

Last updated 24 July 2024


Ubuntu priority

The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic. NOTE: this was incorrectly reported as an issue fixed in 2.6.27.21.

Status

Package Ubuntu Release Status
linux 9.04 jaunty
Fixed 2.6.28-13.45
8.10 intrepid
Fixed 2.6.27-14.35
8.04 LTS hardy
Not affected
6.06 LTS dapper Not in release
linux-source-2.6.15 9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy Not in release
6.06 LTS dapper
Not affected

References

Related Ubuntu Security Notices (USN)

    • USN-793-1
    • Linux kernel vulnerabilities
    • 2 July 2009

Other references