CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
46.9%
The mem_write function in the Linux kernel before 3.2.2, when ASLR is
disabled, does not properly check permissions when writing to
/proc/<pid>/mem, which allows local users to gain privileges by modifying
process memory, as demonstrated by Mempodipper.
Author | Note |
---|---|
mdeslaur | RH says introduced by 198214a7ee, needs checking. |
apw | as the proposed fix actually changes behaviour significantly and the functionality is very new and thus less likely to be needed it has been decided to revert 198214a for oneiric (the only release affected) and monitor it in precise for release. |
www.openwall.com/lists/oss-security/2012/01/18/1
launchpad.net/bugs/cve/CVE-2012-0056
nvd.nist.gov/vuln/detail/CVE-2012-0056
security-tracker.debian.org/tracker/CVE-2012-0056
ubuntu.com/security/notices/USN-1336-1
ubuntu.com/security/notices/USN-1342-1
ubuntu.com/security/notices/USN-1364-1
www.cve.org/CVERecord?id=CVE-2012-0056