kernel: privilege escalation

Package(s): kernel
CVE #(s): CVE-2012-0056
Created: January 23, 2012
Updated: January 30, 2012
Description: Jüri Aedla discovered that the kernel incorrectly handled /proc/<pid>/mem permissions. A local attacker could exploit this and gain root privileges.

See the "zx2c4" weblog and this LWN article for additional details.

Alerts:
Ubuntu USN-1336-1 2012-01-23
Red Hat RHSA-2012:0052-01 2012-01-23
Fedora FEDORA-2012-0876 2012-01-24
CentOS CESA-2012:0052 2012-01-24
Fedora FEDORA-2012-0861 2012-01-24
Red Hat RHSA-2012:0061-01 2012-01-24
Oracle ELSA-2012-0052 2012-01-25
Oracle ELSA-2012-2001 2012-01-25
Oracle ELSA-2012-2001 2012-01-25
Scientific Linux SL-kern-20120125 2012-01-25
Ubuntu USN-1342-1 2012-01-25
Ubuntu USN-1364-1 2012-02-13
Oracle ELSA-2012-0862 2012-07-02

kernel: privilege escalation

Posted Jan 24, 2012 9:44 UTC (Tue) by NSN-Peter-Marczis (guest, #82457) [Link]

Works on Debian 6 too:

# uname -a
Linux <hostname> 3.0.0-1-amd64 #1 SMP Sat Aug 27 16:21:11 UTC 2011 x86_64 GNU/Linux

kernel: privilege escalation

Posted Jan 27, 2012 11:34 UTC (Fri) by jcristau (subscriber, #41237) [Link]

That's not a Debian 6 kernel. Debian 6 shipped with 2.6.32, which is not affected.

kernel: privilege escalation

Posted Jan 27, 2012 12:46 UTC (Fri) by NSN-Peter-Marczis (guest, #82457) [Link]

Yes, you are right, I'm using testing. Sorry.

kernel: privilege escalation

Posted Jan 30, 2012 22:42 UTC (Mon) by BenHutchings (subscriber, #37955) [Link]

You're not even up-to-date with testing. However, the fixed version (3.2.1-2) has not yet transitioned to testing due to a build failure on armel.

Debian ships fixed versions too

Posted Jan 26, 2012 14:59 UTC (Thu) by Curan (subscriber, #66186) [Link]

Just because it is missing: Debian has fixed this too, see http://security-tracker.debian.org/tracker/CVE-2012-0056

Debian ships fixed versions too

Posted Jan 30, 2012 22:41 UTC (Mon) by BenHutchings (subscriber, #37955) [Link]

Right, there was no DSA because those are only issued for stable/oldstable.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds