CVE-2012-0056
First published: Wed Jan 18 2012(Updated: )
From Linus' patch: "Jüri Aedla reported that the /proc/<pid>/mem handling really isn't very robust, and it also doesn't match the permission checking of any of the other related files. This changes it to do the permission checks at open time, and instead of tracking the process, it tracks the VM at the time of the open. That simplifies the code a lot, but does mean that if you hold the file descriptor open over an execve(), you'll continue to read from the _old_ VM." A local, unprivileged user could use this flaw to escalate their privileges. Upstream commit: <a href="http://git.kernel.org/linus/e268337dfe26dfc7efd422a804dbb27977a3cccc">http://git.kernel.org/linus/e268337dfe26dfc7efd422a804dbb27977a3cccc</a> Acknowledgements: Red Hat would like to thank Jüri Aedla for reporting this issue.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux kernel | >=2.6.39<3.0.18 | |
| Linux kernel | >=3.1<3.2.2 | |
| debian/linux-2.6 | ||
| Linux Kernel | >=2.6.39<3.0.18 | |
| Linux Kernel | >=3.1<3.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://blog.zx2c4.com/749
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=e268337dfe26dfc7efd422a804dbb27977a3cccc
- http://secunia.com/advisories/47708
- http://ubuntu.com/usn/usn-1336-1
- http://www.kb.cert.org/vuls/id/470151
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2
- http://www.openwall.com/lists/oss-security/2012/01/18/1
- http://www.openwall.com/lists/oss-security/2012/01/18/2
- http://www.openwall.com/lists/oss-security/2012/01/19/4
- http://www.openwall.com/lists/oss-security/2012/01/22/4
- http://www.redhat.com/support/errata/RHSA-2012-0052.html
- http://www.redhat.com/support/errata/RHSA-2012-0061.html
- http://www.securityfocus.com/bid/51625
- https://bugzilla.redhat.com/show_bug.cgi?id=782642
- https://launchpad.net/bugs/cve/CVE-2012-0056
- http://git.kernel.org/linus/e268337dfe26dfc7efd422a804dbb27977a3cccc
- https://rhn.redhat.com/errata/RHSA-2012-0052.html
- https://rhn.redhat.com/errata/RHSA-2012-0061.html
- https://access.redhat.com/kb/docs/DOC-69129
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=782681
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=556461
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=556461&action=edit
- http://seclists.org/oss-sec/2012/q1/178
- http://www.outflux.net/blog/archives/2012/01/22/fixing-vulnerabilities-with-systemtap/
- http://grsecurity.net/~spender/correct_proc_mem_reproducer.c
- http://www.exploit-db.com/exploits/18411/
- http://git.zx2c4.com/CVE-2012-0056/tree/mempodipper.c
- http://git.zx2c4.com/CVE-2012-0056/tree/shellcode-32.s
- http://git.zx2c4.com/CVE-2012-0056/tree/shellcode-64.s
- http://seclists.org/fulldisclosure/2012/Jan/354
- http://ring0.me/exploits/procmem_CVE-2012-0056/cve2012-0056_procmem.tar
- https://github.com/saurik/mempodroid
- http://kodu.ut.ee/~asd/exp-0-aedla/report.html
- http://kodu.ut.ee/~asd/exp-0-aedla/exp-0-aedla.c
- https://lwn.net/Articles/476947/
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc
- https://security-tracker.debian.org/tracker/CVE-2012-0056
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0056
- https://nvd.nist.gov/vuln/detail/CVE-2012-0056
- https://ubuntu.com/security/CVE-2012-0056
Frequently Asked Questions
What is the severity of CVE-2012-0056?
CVE-2012-0056 is classified as having a medium severity level.
How do I fix CVE-2012-0056?
To address CVE-2012-0056, it is recommended to update the Linux kernel to a version that is not vulnerable.
What types of systems are affected by CVE-2012-0056?
CVE-2012-0056 affects versions of the Linux kernel between 2.6.39 and 3.2.2.
What does CVE-2012-0056 exploit?
CVE-2012-0056 exploits insufficient permission checks in the /proc/<pid>/mem file handling.
Who reported the vulnerability identified as CVE-2012-0056?
CVE-2012-0056 was reported by Jüri Aedla.
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-0056
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/severity
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/event
- agent/trending
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-index
- agent/description
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.39
- version/linux kernel/3.1
- package-manager/debian