Lucene search

K
ubuntucveUbuntu.comUB:CVE-2012-0056
HistoryJan 19, 2012 - 12:00 a.m.

CVE-2012-0056

2012-01-1900:00:00
ubuntu.com
ubuntu.com
17

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

46.9%

The mem_write function in the Linux kernel before 3.2.2, when ASLR is
disabled, does not properly check permissions when writing to
/proc/<pid>/mem, which allows local users to gain privileges by modifying
process memory, as demonstrated by Mempodipper.

Bugs

Notes

Author Note
mdeslaur RH says introduced by 198214a7ee, needs checking.
apw as the proposed fix actually changes behaviour significantly and the functionality is very new and thus less likely to be needed it has been decided to revert 198214a for oneiric (the only release affected) and monitor it in precise for release.
OSVersionArchitecturePackageVersionFilename
ubuntu11.10noarchlinux<Β 3.0.0-15.26UNKNOWN
ubuntu10.04noarchlinux-lts-backport-oneiric<Β 3.0.0-15.26~lucid1UNKNOWN
ubuntu11.10noarchlinux-ti-omap4<Β 3.0.0-1207.16UNKNOWN

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

46.9%