CVE Reference: CVE-2012-0056

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2012-0056

Description:
The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.

CVE Status:
Candidate

References:

UBUNTU
  http://ubuntu.com/usn/usn-1336-1

SAID
  Secunia Advisory: SA47708

REDHAT
  http://www.redhat.com/support/errata/RHSA-2012-0061.html
  http://www.redhat.com/support/errata/RHSA-2012-0052.html

MLIST
  http://www.openwall.com/lists/oss-security/2012/01/22/4
  http://www.openwall.com/lists/oss-security/2012/01/19/4
  http://www.openwall.com/lists/oss-security/2012/01/18/1
  http://www.openwall.com/lists/oss-security/2012/01/18/2

MISC
  http://blog.zx2c4.com/749

CONFIRM
  http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2
  http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc

CERT-VN
  470151

BID
  51625


Return to the previous page.