Executive Summary
Summary | |
---|---|
Title | Linux Kernel local privilege escalation via SUID /proc/pid/mem write |
Informations | |||
---|---|---|---|
Name | VU#470151 | First vendor Publication | 2012-01-27 |
Vendor | VU-CERT | Last vendor Modification | 2012-01-27 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#470151Linux Kernel local privilege escalation via SUID /proc/pid/mem writeOverviewLinux kernel >= 2.6.39 incorrectly handles the permissions for /proc/<pid>/mem. A local, authenticated attacker could exploit this vulnerability to escalate to root privileges. Exploit code is available in the wild and there have been reports of active exploitation.I. Description/proc/<pid>/mem is an interface for reading and writing to process memory. The protections to protect unprivileged users from writing to process memory were found to be insufficient and have resulted in exploitation of the interface. By writing to the memory of a suid process, an attacker can run arbitrary code with root privileges. Further technical details can be found on Jason A. Donenfeld's ZX2C4 blog post.II. ImpactA local, authenticated attacker may be able to gain root privileges on the system.III. SolutionApply an updatePatch commit e268337dfe26dfc7efd422a804dbb27977a3cccc has been provided by Linus Torvalds to address this vulnerability. Kernel image 3.0.18 and 3.2.2 have included this commit so far. Users who obtain the Linux kernel from a third-party vendor, such as their operating system vendor, should see the vendor information portion of this document for a partial list of affected vendors.
Referenceshttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc CreditJüri Aedla reported this vulnerability to the Linux kernel developers. This document was written by Jared Allar. Other Information
This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify |
Original Source
Url : http://www.kb.cert.org/vuls/id/470151 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14660 | |||
Oval ID: | oval:org.mitre.oval:def:14660 | ||
Title: | USN-1342-1 -- Linux kernel (Oneiric backport) vulnerability | ||
Description: | linux-lts-backport-oneiric: Linux kernel backport from Oneiric The system could be made to run programs as an administrator. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1342-1 CVE-2012-0056 | Version: | 5 |
Platform(s): | Ubuntu 10.04 | Product(s): | Linux |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27936 | |||
Oval ID: | oval:org.mitre.oval:def:27936 | ||
Title: | DEPRECATED: ELSA-2012-0052 -- kernel security and bug fix update (important) | ||
Description: | [2.6.32-220.4.1.el6] - [fs] Revert 'proc: enable writing to /proc/pid/mem' (Johannes Weiner) [782649 782650] {CVE-2012-0056} [2.6.32-220.3.1.el6] - [kernel] Remove 'WARNING: at kernel/sched.c:5915' (Larry Woodman) [768288 766051] - [x86] kernel: Fix memory corruption in module load (Prarit Bhargava) [769595 767140] - [kernel] Reset clocksource watchdog after sysrq-t (Prarit Bhargava) [755867 742890] - [x86] AMD: Make tsc=reliable override boot time stability checks (Prarit Bhargava) [755867 742890] | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0052 CVE-2012-0056 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | kernel |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2012-01-12 | Linux Local Root => 2.6.39 (32-bit & 64-bit) - Mempodipper #2 |
2012-01-23 | Mempodipper - Linux Local Root for >=2.6.39, 32-bit and 64-bit |
OpenVAS Exploits
Date | Description |
---|---|
2012-12-18 | Name : Fedora Update for kernel FEDORA-2012-20240 File : nvt/gb_fedora_2012_20240_kernel_fc16.nasl |
2012-11-29 | Name : Fedora Update for kernel FEDORA-2012-18691 File : nvt/gb_fedora_2012_18691_kernel_fc16.nasl |
2012-11-06 | Name : Fedora Update for kernel FEDORA-2012-17479 File : nvt/gb_fedora_2012_17479_kernel_fc16.nasl |
2012-09-04 | Name : Fedora Update for kernel FEDORA-2012-12684 File : nvt/gb_fedora_2012_12684_kernel_fc16.nasl |
2012-08-06 | Name : Fedora Update for kernel FEDORA-2012-11348 File : nvt/gb_fedora_2012_11348_kernel_fc16.nasl |
2012-07-30 | Name : CentOS Update for kernel CESA-2012:0052 centos6 File : nvt/gb_CESA-2012_0052_kernel_centos6.nasl |
2012-07-09 | Name : RedHat Update for kernel RHSA-2012:0052-01 File : nvt/gb_RHSA-2012_0052-01_kernel.nasl |
2012-06-25 | Name : Fedora Update for kernel FEDORA-2012-8931 File : nvt/gb_fedora_2012_8931_kernel_fc15.nasl |
2012-06-15 | Name : Fedora Update for kernel FEDORA-2012-8890 File : nvt/gb_fedora_2012_8890_kernel_fc16.nasl |
2012-05-17 | Name : Fedora Update for kernel FEDORA-2012-7594 File : nvt/gb_fedora_2012_7594_kernel_fc15.nasl |
2012-05-14 | Name : Fedora Update for kernel FEDORA-2012-7538 File : nvt/gb_fedora_2012_7538_kernel_fc16.nasl |
2012-04-26 | Name : Fedora Update for kernel FEDORA-2012-6406 File : nvt/gb_fedora_2012_6406_kernel_fc15.nasl |
2012-04-02 | Name : Fedora Update for kernel FEDORA-2012-0876 File : nvt/gb_fedora_2012_0876_kernel_fc16.nasl |
2012-04-02 | Name : Fedora Update for kernel FEDORA-2012-3030 File : nvt/gb_fedora_2012_3030_kernel_fc16.nasl |
2012-04-02 | Name : Fedora Update for kernel FEDORA-2012-3712 File : nvt/gb_fedora_2012_3712_kernel_fc16.nasl |
2012-03-29 | Name : Fedora Update for kernel FEDORA-2012-3715 File : nvt/gb_fedora_2012_3715_kernel_fc15.nasl |
2012-03-22 | Name : Fedora Update for kernel FEDORA-2012-4410 File : nvt/gb_fedora_2012_4410_kernel_fc16.nasl |
2012-03-19 | Name : Fedora Update for kernel FEDORA-2012-3350 File : nvt/gb_fedora_2012_3350_kernel_fc16.nasl |
2012-03-19 | Name : Fedora Update for kernel FEDORA-2012-1497 File : nvt/gb_fedora_2012_1497_kernel_fc16.nasl |
2012-03-16 | Name : Fedora Update for kernel FEDORA-2012-3356 File : nvt/gb_fedora_2012_3356_kernel_fc15.nasl |
2012-03-16 | Name : Ubuntu Update for linux USN-1336-1 File : nvt/gb_ubuntu_USN_1336_1.nasl |
2012-03-16 | Name : Ubuntu Update for linux-ti-omap4 USN-1364-1 File : nvt/gb_ubuntu_USN_1364_1.nasl |
2012-03-07 | Name : Fedora Update for kernel FEDORA-2012-2753 File : nvt/gb_fedora_2012_2753_kernel_fc15.nasl |
2012-02-13 | Name : Fedora Update for kernel FEDORA-2012-1503 File : nvt/gb_fedora_2012_1503_kernel_fc15.nasl |
2012-02-01 | Name : Ubuntu Update for linux-lts-backport-oneiric USN-1342-1 File : nvt/gb_ubuntu_USN_1342_1.nasl |
2012-01-25 | Name : Fedora Update for kernel FEDORA-2012-0861 File : nvt/gb_fedora_2012_0861_kernel_fc15.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
78509 | Linux Kernel /proc/<pid>/mem Access Restriction Weakness Local Privileg... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0109.nasl - Type : ACT_GATHER_INFO |
2014-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0061.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-65.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0052.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-2001.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120123_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1364-1.nasl - Type : ACT_GATHER_INFO |
2012-01-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1342-1.nasl - Type : ACT_GATHER_INFO |
2012-01-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0052.nasl - Type : ACT_GATHER_INFO |
2012-01-25 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0861.nasl - Type : ACT_GATHER_INFO |
2012-01-25 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0876.nasl - Type : ACT_GATHER_INFO |
2012-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0052.nasl - Type : ACT_GATHER_INFO |
2012-01-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1336-1.nasl - Type : ACT_GATHER_INFO |