CVE-2012-0056

Priority
Medium
Description
The mem_write function in Linux kernel 2.6.39 and other versions, when ASLR
is disabled, does not properly check permissions when writing to
/proc/<pid>/mem, which allows local users to gain privileges by modifying
process memory, as demonstrated by Mempodipper.
Ubuntu-Description
Jüri Aedla discovered that the kernel incorrectly handled /proc/<pid>/mem
permissions. A local attacker could exploit this and gain root privileges.
References
Bugs
Notes
mdeslaur> RH says introduced by 198214a7ee, needs checking.
apw> as the proposed fix actually changes behaviour significantly and the
apw> functionality is very new and thus less likely to be needed it has been
apw> decided to revert 198214a for oneiric (the only release affected) and
apw> monitor it in precise for release.
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):released (3.0.0-15.26~lucid1)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.10 (Saucy Salamander):ignored
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.10 (Saucy Salamander):ignored
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.4.0-1.7)
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.4.0-1.3)
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 12.10 (Quantal Quetzal):not-affected
Ubuntu 13.10 (Saucy Salamander):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.2.0-10.18)
Patches:
Introduced by 198214a7ee50375fa71a65e518341980cfd4b2f0Fixed by e268337dfe26dfc7efd422a804dbb27977a3cccc
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.10 (Saucy Salamander):ignored
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 12.10 (Quantal Quetzal):not-affected
Ubuntu 13.10 (Saucy Salamander):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.10 (Saucy Salamander):ignored
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.4.0-3.21)
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.10 (Saucy Salamander):ignored
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.4.0-4.19)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-02-11 15:14:26 UTC (commit 7735)