Improper Socket Policy Access in Linux Kernel 2.6.x

Improper Socket Policy Access in Linux Kernel 2.6.x

CVE-2005-2555 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c.

Learn more about our User Device Pen Test.