CVE-2012-0056

Опубликовано: 18 янв. 2012

Источник: redhat

CVSS2: 7.2

Описание

The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc//mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.

Отчет

This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as it did not backport the upstream commit 198214a7ee. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0052.html and https://rhn.redhat.com/errata/RHSA-2012-0061.html. For more information, please read https://access.redhat.com/kb/docs/DOC-69129.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 4	kernel	Not affected
Red Hat Enterprise Linux 5	kernel	Will not fix
Red Hat Enterprise Linux 6	kernel	Fixed	RHSA-2012:0052	23.01.2012
Red Hat Enterprise MRG 2	kernel-rt	Fixed	RHSA-2012:0061	24.01.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-863

https://bugzilla.redhat.com/show_bug.cgi?id=782642kernel: proc: /proc/<pid>/mem mem_write insufficient permission checking

7.2 High

CVSS2

Связанные уязвимости

CVE-2012-0056

ubuntu

больше 13 лет назад

The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.