Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2012-2123

Опубликовано: 17 мая 2012
Источник: nvd
CVSS2: 7.2
EPSS Низкий

Описание

The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия до 3.0.29 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 3.1 (включая) до 3.2.16 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 3.3 (включая) до 3.3.3 (исключая)

EPSS

Процентиль: 19%
0.00059
Низкий

7.2 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2012-2123

ubuntu
около 13 лет назад

The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.

redhat логотип

CVE-2012-2123

redhat
около 13 лет назад

The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.

debian логотип

CVE-2012-2123

debian
около 13 лет назад

The cap_bprm_set_creds function in security/commoncap.c in the Linux k ...

github логотип

GHSA-875p-6x4g-fjc2

github
около 3 лет назад

The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.

oracle-oval логотип

ELSA-2012-2020

oracle-oval
около 13 лет назад

ELSA-2012-2020: Unbreakable Enterprise kernel security and bugfix update (IMPORTANT)

EPSS

Процентиль: 19%
0.00059
Низкий

7.2 High

CVSS2

Дефекты

CWE-264