CVE-2012-0056 in Ubuntu

CVE-2012-0056

Priority

Medium

Description

The mem_write function in Linux kernel 2.6.39 and other versions, when ASLR
is disabled, does not properly check permissions when writing to
/proc/<pid>/mem, which allows local users to gain privileges by modifying
process memory, as demonstrated by Mempodipper.

Ubuntu-Description

Jüri Aedla discovered that the kernel incorrectly handled /proc/<pid>/mem
permissions. A local attacker could exploit this and gain root privileges.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0056
http://www.openwall.com/lists/oss-security/2012/01/18/1
http://www.ubuntu.com/usn/usn-1336-1
http://www.ubuntu.com/usn/usn-1342-1
http://www.ubuntu.com/usn/usn-1364-1

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0056
https://launchpad.net/bugs/919115

Notes

mdeslaur> RH says introduced by 198214a7ee, needs checking.
apw> as the proposed fix actually changes behaviour significantly and the
apw> functionality is very new and thus less likely to be needed it has been
apw> decided to revert 198214a for oneiric (the only release affected) and
apw> monitor it in precise for release.

Package

Source: linux-ec2 (LP Ubuntu Debian)

Upstream:	released (3.3~rc1)
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	not-affected
Ubuntu 10.10 (Maverick Meerkat):	ignored (binary supplied by "linux" now)
Ubuntu 11.04 (Natty Narwhal):	DNE
Ubuntu 11.10 (Oneiric Ocelot):	DNE
Ubuntu 12.04 LTS (Precise Pangolin):	DNE

Package

Source: linux-lts-backport-oneiric (LP Ubuntu Debian)

Upstream:	released (3.3~rc1)
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	released (3.0.0-15.26~lucid1)
Ubuntu 10.10 (Maverick Meerkat):	DNE
Ubuntu 11.04 (Natty Narwhal):	DNE
Ubuntu 11.10 (Oneiric Ocelot):	DNE
Ubuntu 12.04 LTS (Precise Pangolin):	DNE

Package

Source: linux-lts-backport-natty (LP Ubuntu Debian)

Upstream:	released (3.3~rc1)
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	not-affected
Ubuntu 10.10 (Maverick Meerkat):	DNE
Ubuntu 11.04 (Natty Narwhal):	DNE
Ubuntu 11.10 (Oneiric Ocelot):	DNE
Ubuntu 12.04 LTS (Precise Pangolin):	DNE

Package

Source: linux-mvl-dove (LP Ubuntu Debian)

Upstream:	released (3.3~rc1)
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	not-affected
Ubuntu 10.10 (Maverick Meerkat):	not-affected
Ubuntu 11.04 (Natty Narwhal):	DNE
Ubuntu 11.10 (Oneiric Ocelot):	DNE
Ubuntu 12.04 LTS (Precise Pangolin):	DNE

Package

Source: linux-lts-backport-maverick (LP Ubuntu Debian)

Upstream:	released (3.3~rc1)
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	not-affected
Ubuntu 10.10 (Maverick Meerkat):	DNE
Ubuntu 11.04 (Natty Narwhal):	DNE
Ubuntu 11.10 (Oneiric Ocelot):	DNE
Ubuntu 12.04 LTS (Precise Pangolin):	DNE

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (3.3~rc1)
Ubuntu 8.04 LTS (Hardy Heron):	not-affected
Ubuntu 10.04 LTS (Lucid Lynx):	not-affected
Ubuntu 10.10 (Maverick Meerkat):	not-affected
Ubuntu 11.04 (Natty Narwhal):	not-affected
Ubuntu 11.10 (Oneiric Ocelot):	released (3.0.0-15.26)
Ubuntu 12.04 LTS (Precise Pangolin):	not-affected (3.2.0-10.18)

Patches:

Introduced by 198214a7ee50375fa71a65e518341980cfd4b2f0

Fixed by e268337dfe26dfc7efd422a804dbb27977a3cccc

Package

Source: linux-ti-omap4 (LP Ubuntu Debian)

Upstream:	released (3.3~rc1)
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	DNE
Ubuntu 10.10 (Maverick Meerkat):	not-affected
Ubuntu 11.04 (Natty Narwhal):	not-affected
Ubuntu 11.10 (Oneiric Ocelot):	released (3.0.0-1207.16)
Ubuntu 12.04 LTS (Precise Pangolin):	not-affected (3.2.0-1406.8)

Package

Source: linux-fsl-imx51 (LP Ubuntu Debian)

Upstream:	released (3.3~rc1)
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	not-affected
Ubuntu 10.10 (Maverick Meerkat):	DNE
Ubuntu 11.04 (Natty Narwhal):	DNE
Ubuntu 11.10 (Oneiric Ocelot):	DNE
Ubuntu 12.04 LTS (Precise Pangolin):	DNE

More Information

Updated: 2012-02-17 21:14:20 UTC (commit 4865)