Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2012-1568

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 17 ΠΌΠ°Ρ€. 2012
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: redhat
CVSS2: 1.9

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ Π² Ρ„ΡƒΠ½ΠΊΡ†ΠΈΠΈ ExecShield Π² ΠΎΠΏΡ€Π΅Π΄Π΅Π»Ρ‘Π½Π½ΠΎΠΌ ΠΏΠ°Ρ‚Ρ‡Π΅ Red Hat для ядра Linux, ΠΏΠΎΠ·Π²ΠΎΠ»ΡΡŽΡ‰Π°Ρ ΠΎΠ±ΠΎΠΉΡ‚ΠΈ ΠΌΠ΅Ρ…Π°Π½ΠΈΠ·ΠΌ Π·Π°Ρ‰ΠΈΡ‚Ρ‹ ASLR Ρ‡Π΅Ρ€Π΅Π· прСдсказуСмый Π±Π°Π·ΠΎΠ²Ρ‹ΠΉ адрСс ΠΎΠ΄Π½ΠΎΠΉ ΠΈΠ· Π±ΠΈΠ±Π»ΠΈΠΎΡ‚Π΅ΠΊ

ОписаниС

ΠžΠ±Π½Π°Ρ€ΡƒΠΆΠ΅Π½Π° ΡƒΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ Π² Ρ„ΡƒΠ½ΠΊΡ†ΠΈΠΈ ExecShield, Ρ€Π΅Π°Π»ΠΈΠ·ΠΎΠ²Π°Π½Π½ΠΎΠΉ Π² ΠΎΠΏΡ€Π΅Π΄Π΅Π»Ρ‘Π½Π½ΠΎΠΌ ΠΏΠ°Ρ‚Ρ‡Π΅ Red Hat для ядра Linux Π² Red Hat Enterprise Linux (RHEL) 5 ΠΈ 6, Π° Ρ‚Π°ΠΊΠΆΠ΅ Fedora 15 ΠΈ 16. ΠŸΡ€ΠΎΠ±Π»Π΅ΠΌΠ° Π·Π°ΠΊΠ»ΡŽΡ‡Π°Π΅Ρ‚ΡΡ Π² Π½Π΅ΠΊΠΎΡ€Ρ€Π΅ΠΊΡ‚Π½ΠΎΠΉ ΠΎΠ±Ρ€Π°Π±ΠΎΡ‚ΠΊΠ΅ использования большого количСства ΠΎΠ±Ρ‰ΠΈΡ… Π±ΠΈΠ±Π»ΠΈΠΎΡ‚Π΅ΠΊ (shared libraries) 32-Π±ΠΈΡ‚Π½Ρ‹ΠΌ исполняСмым Ρ„Π°ΠΉΠ»ΠΎΠΌ. Π­Ρ‚ΠΎ позволяСт Π·Π»ΠΎΡƒΠΌΡ‹ΡˆΠ»Π΅Π½Π½ΠΈΠΊΠ°ΠΌ, ΠΈΡΠΏΠΎΠ»ΡŒΠ·ΡƒΡŽΡ‰ΠΈΠΌ контСкстно-зависимыС Π°Ρ‚Π°ΠΊΠΈ, ΠΎΠ±ΠΎΠΉΡ‚ΠΈ ΠΌΠ΅Ρ…Π°Π½ΠΈΠ·ΠΌ Π·Π°Ρ‰ΠΈΡ‚Ρ‹ ASLR (Address Space Layout Randomization), ΠΈΡΠΏΠΎΠ»ΡŒΠ·ΡƒΡ прСдсказуСмый Π±Π°Π·ΠΎΠ²Ρ‹ΠΉ адрСс ΠΎΠ΄Π½ΠΎΠΉ ΠΈΠ· этих Π±ΠΈΠ±Π»ΠΈΠΎΡ‚Π΅ΠΊ.

Π—Π°Ρ‚Ρ€ΠΎΠ½ΡƒΡ‚Ρ‹Π΅ вСрсии ПО

  • Red Hat Enterprise Linux (RHEL) 5 ΠΈ 6
  • Fedora 15 ΠΈ 16

Π’ΠΈΠΏ уязвимости

ΠžΠ±Ρ…ΠΎΠ΄ ΠΌΠ΅Ρ…Π°Π½ΠΈΠ·ΠΌΠ° Π·Π°Ρ‰ΠΈΡ‚Ρ‹ ASLR

Π—Π°Ρ‚Ρ€ΠΎΠ½ΡƒΡ‚Ρ‹Π΅ ΠΏΠ°ΠΊΠ΅Ρ‚Ρ‹

ΠŸΠ»Π°Ρ‚Ρ„ΠΎΡ€ΠΌΠ°ΠŸΠ°ΠΊΠ΅Ρ‚Π‘ΠΎΡΡ‚ΠΎΡΠ½ΠΈΠ΅Π Π΅ΠΊΠΎΠΌΠ΅Π½Π΄Π°Ρ†ΠΈΡΠ Π΅Π»ΠΈΠ·
Red Hat Enterprise Linux Extended Update Support 5.6kernelAffected
Red Hat Enterprise Linux Extended Update Support 6.2kernelAffected
Red Hat Enterprise MRG 2realtime-kernelNot affected
Red Hat Enterprise Linux 5kernelFixedRHSA-2013:016822.01.2013
Red Hat Enterprise Linux 6kernelFixedRHSA-2012:142606.11.2012

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

Π”ΠΎΠΏΠΎΠ»Π½ΠΈΡ‚Π΅Π»ΡŒΠ½Π°Ρ информация

Бтатус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=804947kernel: execshield: predictable ascii armour base address

1.9 Low

CVSS2

БвязанныС уязвимости

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2012-1568

ubuntu
большС 13 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protection mechanism by leveraging a predictable base address for one of these libraries.

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2012-1568

nvd
большС 13 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protection mechanism by leveraging a predictable base address for one of these libraries.

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2012-1568

debian
большС 13 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The ExecShield feature in a certain Red Hat patch for the Linux kernel ...

github Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

GHSA-vp43-m2w7-p2vc

github
ΠΎΠΊΠΎΠ»ΠΎ 4 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protection mechanism by leveraging a predictable base address for one of these libraries.

oracle-oval Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

ELSA-2013-0168

oracle-oval
большС 13 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

ELSA-2013-0168: kernel security and bug fix update (MODERATE)

1.9 Low

CVSS2

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2012-1568