CERT Vulnerability Note VU#470151
History: Jan 27, 2012 - 12:00 a.m.

Linux Kernel local privilege escalation via SUID /proc/pid/mem write

2012-01-27 00:00:00
www.kb.cert.org

CVSS2: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AI Score: 6.9 (Confidence: High)
EPSS: 0.001 (Percentile: 46.9%)

Overview

Linux kernel >= 2.6.39 incorrectly handles the permissions for /proc/<pid>/mem. A local, authenticated attacker could exploit this vulnerability to escalate to root privileges. Exploit code is available in the wild and there have been reports of active exploitation.

Description

/proc/<pid>/mem is an interface for reading and writing process memory. The protections meant to prevent unprivileged users from writing to another process's memory were found to be insufficient, and the interface has been exploited as a result. By writing to the memory of a setuid process, an attacker can run arbitrary code with root privileges. Further technical details can be found in Jason A. Donenfeld's ZX2C4 blog post.

Impact

A local, authenticated attacker may be able to gain root privileges on the system.

Solution

Apply an update
Patch commit e268337dfe26dfc7efd422a804dbb27977a3cccc has been provided by Linus Torvalds to address this vulnerability. Kernel releases 3.0.18 and 3.2.2 include this commit so far. Users who obtain the Linux kernel from a third-party vendor, such as their operating system vendor, should see the vendor information portion of this document for a partial list of affected vendors.
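A version-range triage check for the thresholds above, added here as an example and not part of the CERT note. It assumes that every mainline release from 3.3 onward carries the commit, and it cannot see distribution backports, so for vendor kernels the vendor advisory, not the version string, is authoritative.

```shell
#!/bin/sh
# Classify a kernel version string against the ranges given in VU#470151:
# affected from 2.6.39, fixed in 3.0.18 (3.0 stable) and 3.2.2 (3.2 stable).
# Prints "unaffected", "affected" or "fixed". Strings like "3.2.0-24-generic"
# are accepted; only the leading numeric "MAJOR.MINOR.PATCH" part is compared.

# Convert "MAJOR.MINOR[.PATCH]" to a single integer so versions compare numerically.
vernum() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*//')   # drop "-24-generic", "+", etc.
    set -- $(printf '%s' "$v" | tr '.' ' ')        # split on dots
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

cve_2012_0056_status() {
    n=$(vernum "$1")
    if [ "$n" -lt "$(vernum 2.6.39)" ]; then
        echo unaffected     # vulnerable code was introduced in 2.6.39
        return 0
    fi
    # Pick the fix threshold for the stable series the version belongs to.
    case "$1" in
        3.0|3.0.*) fixed=$(vernum 3.0.18) ;;
        3.2|3.2.*) fixed=$(vernum 3.2.2) ;;
        *)         fixed=$(vernum 3.3) ;;   # assumption: mainline >= 3.3 carries the commit
    esac
    if [ "$n" -ge "$fixed" ]; then echo fixed; else echo affected; fi
}

# Optional command-line use, e.g.:  ./check.sh "$(uname -r)"
if [ $# -gt 0 ]; then
    cve_2012_0056_status "$1"
fi
```

A result of "fixed" or "affected" from this check is only a hint on distribution kernels, which frequently backport the commit without changing the upstream version number.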

Vendor Information


Vendor | Status | Updated
CentOS | Affected | January 27, 2012
Gentoo Linux | Affected | January 28, 2012
Red Hat, Inc. | Affected | January 27, 2012
Ubuntu | Affected | January 27, 2012
Debian GNU/Linux | Not Affected | January 27, 2012
SUSE Linux | Unknown | January 27, 2012
Slackware Linux Inc. | Unknown | January 27, 2012

Vendor Statement (all vendors listed): We have not received a statement from the vendor.

Vendor Information (all vendors except Debian GNU/Linux): We are not aware of further vendor information regarding this vulnerability.

Vendor Information (Debian GNU/Linux): The stable branch of Debian is unaffected because it uses an earlier version of the kernel that does not include the vulnerable code.

CVSS Metrics

Group Score Vector
Base 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C
Temporal 5.6 E:F/RL:OF/RC:C
Environmental 5.6 CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

Acknowledgements

Jüri Aedla reported this vulnerability to the Linux kernel developers.

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2012-0056
Severity Metric: 15.32
Date Public:
