Vulnerability-Lookup

CVE-2012-0056 (GCVE-0-2012-0056)

Vulnerability from cvelistv5 – Published: 2012-01-27 15:00 – Updated: 2024-08-06 18:09

Summary

The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.securityfocus.com/bid/51625	vdb-entryx_refsource_BID
	http://blog.zx2c4.com/749	x_refsource_MISC
	http://git.kernel.org/?p=linux/kernel/git/torvald…	x_refsource_CONFIRM
	http://ubuntu.com/usn/usn-1336-1	vendor-advisoryx_refsource_UBUNTU
	http://www.redhat.com/support/errata/RHSA-2012-00…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/47708	third-party-advisoryx_refsource_SECUNIA
	http://www.openwall.com/lists/oss-security/2012/01/19/4	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2012/01/18/2	mailing-listx_refsource_MLIST
	http://www.redhat.com/support/errata/RHSA-2012-00…	vendor-advisoryx_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2012/01/18/1	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2012/01/22/4	mailing-listx_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=782642	x_refsource_CONFIRM
	http://www.kernel.org/pub/linux/kernel/v3.x/Chang…	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/470151	third-party-advisoryx_refsource_CERT-VN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:09:17.348Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "51625",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/51625"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.zx2c4.com/749"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=e268337dfe26dfc7efd422a804dbb27977a3cccc"
          },
          {
            "name": "USN-1336-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-1336-1"
          },
          {
            "name": "RHSA-2012:0052",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2012-0052.html"
          },
          {
            "name": "47708",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/47708"
          },
          {
            "name": "[oss-security] 20120119 Re: CVE request: kernel: proc: clean up and fix /proc/\u003cpid\u003e/mem handling",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/01/19/4"
          },
          {
            "name": "[oss-security] 20120117 Re: CVE request: kernel: proc: clean up and fix /proc/\u003cpid\u003e/mem handling",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/01/18/2"
          },
          {
            "name": "RHSA-2012:0061",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2012-0061.html"
          },
          {
            "name": "[oss-security] 20120118 CVE request: kernel: proc: clean up and fix /proc/\u003cpid\u003e/mem handling",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/01/18/1"
          },
          {
            "name": "[oss-security] 20120122 Re: CVE request: kernel: proc: clean up and fix /proc/\u003cpid\u003e/mem handling",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/01/22/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=782642"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2"
          },
          {
            "name": "VU#470151",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/470151"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/\u003cpid\u003e/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-17T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "51625",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/51625"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.zx2c4.com/749"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=e268337dfe26dfc7efd422a804dbb27977a3cccc"
        },
        {
          "name": "USN-1336-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-1336-1"
        },
        {
          "name": "RHSA-2012:0052",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2012-0052.html"
        },
        {
          "name": "47708",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/47708"
        },
        {
          "name": "[oss-security] 20120119 Re: CVE request: kernel: proc: clean up and fix /proc/\u003cpid\u003e/mem handling",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/01/19/4"
        },
        {
          "name": "[oss-security] 20120117 Re: CVE request: kernel: proc: clean up and fix /proc/\u003cpid\u003e/mem handling",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/01/18/2"
        },
        {
          "name": "RHSA-2012:0061",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2012-0061.html"
        },
        {
          "name": "[oss-security] 20120118 CVE request: kernel: proc: clean up and fix /proc/\u003cpid\u003e/mem handling",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/01/18/1"
        },
        {
          "name": "[oss-security] 20120122 Re: CVE request: kernel: proc: clean up and fix /proc/\u003cpid\u003e/mem handling",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/01/22/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=782642"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2"
        },
        {
          "name": "VU#470151",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/470151"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-0056",
    "datePublished": "2012-01-27T15:00:00.000Z",
    "dateReserved": "2011-12-07T00:00:00.000Z",
    "dateUpdated": "2024-08-06T18:09:17.348Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2021-AVI-669

Vulnerability from certfr_avis - Published: 2021-09-01 - Updated: 2021-09-01

De multiples vulnérabilités ont été découvertes dans les produits Moxa. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Moxa	N/A	micrologiciel des équipements de la gamme WAC-2004 : ces équipements ne sont plus maintenus et ne bénéficieront pas de correctif
Moxa	N/A	micrologiciel des équipements de la gamme OnCell G3470A sans le dernier correctif
Moxa	N/A	micrologiciel des équipements de la gamme WDR-3124A : ces équipements ne sont plus maintenus et ne bénéficieront pas de correctif
Moxa	N/A	micrologiciel des équipements de la gamme WAC-1001 sans le dernier correctif
Moxa	N/A	micrologiciel des équipements de la gamme TAP-323 sans le dernier correctif

References

Title

Publication Time

Tags

Bulletin de sécurité Moxa tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities du 1 septembre 2021	None	vendor-advisory
Bulletin de sécurité Moxa oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities du 1 septembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "micrologiciel des \u00e9quipements de la gamme WAC-2004 : ces \u00e9quipements ne sont plus maintenus et ne b\u00e9n\u00e9ficieront pas de correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme OnCell G3470A sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme WDR-3124A : ces \u00e9quipements ne sont plus maintenus et ne b\u00e9n\u00e9ficieront pas de correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme WAC-1001 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme TAP-323 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
    },
    {
      "name": "CVE-2012-2136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2136"
    },
    {
      "name": "CVE-2012-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0207"
    },
    {
      "name": "CVE-2018-6485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6485"
    },
    {
      "name": "CVE-2017-7618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7618"
    },
    {
      "name": "CVE-2010-4252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4252"
    },
    {
      "name": "CVE-2010-4805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4805"
    },
    {
      "name": "CVE-2015-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
    },
    {
      "name": "CVE-2017-11176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11176"
    },
    {
      "name": "CVE-2016-4997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4997"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2006-2940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2940"
    },
    {
      "name": "CVE-2021-39279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39279"
    },
    {
      "name": "CVE-2021-39278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39278"
    },
    {
      "name": "CVE-2012-6638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6638"
    },
    {
      "name": "CVE-2014-2523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2523"
    },
    {
      "name": "CVE-2016-10229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10229"
    },
    {
      "name": "CVE-2016-7039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7039"
    },
    {
      "name": "CVE-2014-3567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3567"
    },
    {
      "name": "CVE-2011-0709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0709"
    },
    {
      "name": "CVE-2010-4251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4251"
    },
    {
      "name": "CVE-2014-3512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3512"
    },
    {
      "name": "CVE-2012-3552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3552"
    },
    {
      "name": "CVE-2012-6701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6701"
    },
    {
      "name": "CVE-2017-1000111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000111"
    },
    {
      "name": "CVE-2019-3896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3896"
    },
    {
      "name": "CVE-2012-6704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6704"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2016-8717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8717"
    },
    {
      "name": "CVE-2019-16746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
    },
    {
      "name": "CVE-2016-3134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3134"
    },
    {
      "name": "CVE-2008-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4609"
    },
    {
      "name": "CVE-2014-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8176"
    },
    {
      "name": "CVE-2015-5364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5364"
    },
    {
      "name": "CVE-2014-9984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9984"
    },
    {
      "name": "CVE-2009-1298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1298"
    },
    {
      "name": "CVE-2015-1465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1465"
    },
    {
      "name": "CVE-2012-4412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4412"
    },
    {
      "name": "CVE-2014-9402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9402"
    },
    {
      "name": "CVE-2006-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3738"
    },
    {
      "name": "CVE-2016-8666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8666"
    },
    {
      "name": "CVE-2010-3864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
    },
    {
      "name": "CVE-2015-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
    },
    {
      "name": "CVE-2016-7117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7117"
    },
    {
      "name": "CVE-2011-2525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2525"
    },
    {
      "name": "CVE-2006-2937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2937"
    },
    {
      "name": "CVE-2015-7547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7547"
    },
    {
      "name": "CVE-2014-5119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-5119"
    },
    {
      "name": "CVE-2017-8890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8890"
    },
    {
      "name": "CVE-2016-7406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7406"
    },
    {
      "name": "CVE-2013-7470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7470"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2012-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0056"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2010-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2692"
    },
    {
      "name": "CVE-2016-2148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2148"
    },
    {
      "name": "CVE-2010-3848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3848"
    },
    {
      "name": "CVE-2010-1162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1162"
    }
  ],
  "initial_release_date": "2021-09-01T00:00:00",
  "last_revision_date": "2021-09-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-669",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Moxa.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Moxa",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities du 1 septembre 2021",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities du 1 septembre 2021",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities"
    }
  ]
}

CERTA-2012-AVI-034

Vulnerability from certfr_avis - Published: 2012-01-30 - Updated: 2012-01-30

Une vulnérabilité dans le noyau Linux permet à un utilisateur d'élever ses privilèges.

Description

Une vulnérabilité a été corrigée dans le noyau Linux. Le noyau ne contrôle pas correctement les permissions en écriture lors d'un accès à /proc/\<pid>/mem par la fonction mem_write. Un utilisateur peut exploiter cette vulnérabilité pour élever ses privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Certaines versions du noyau Linux 2.6.3x. Se référer aux bulletins des fournisseurs de distributions Linux pour connaître leurs versions concernées. La version stable de Debian n'est pas affectée.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité RedHat RHSA-2012:0052 du 23 janvier 2012	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2012:0052 du 23 janvier 2012 :	-	other
Bulletin de sécurité Ubuntu USN-1336-1 du 23 janvier 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eCertaines versions du noyau Linux  2.6.3x. Se r\u00e9f\u00e9rer aux bulletins des fournisseurs de  distributions Linux pour conna\u00eetre leurs versions concern\u00e9es. La  version stable de Debian n\u0027est pas affect\u00e9e.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans le noyau Linux. Le noyau ne\ncontr\u00f4le pas correctement les permissions en \u00e9criture lors d\u0027un acc\u00e8s \u00e0\n/proc/\\\u003cpid\\\u003e/mem par la fonction mem_write. Un utilisateur peut\nexploiter cette vuln\u00e9rabilit\u00e9 pour \u00e9lever ses privil\u00e8ges.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0056"
    }
  ],
  "initial_release_date": "2012-01-30T00:00:00",
  "last_revision_date": "2012-01-30T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2012:0052 du 23 janvier    2012 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0052.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1336-1 du 23 janvier 2012 :",
      "url": "http://www.ubuntu.com/usn/usn-1336-1/"
    }
  ],
  "reference": "CERTA-2012-AVI-034",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-01-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le noyau Linux permet \u00e0 un utilisateur d\u0027\u00e9lever\nses privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le noyau linux",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2012:0052 du 23 janvier 2012",
      "url": null
    }
  ]
}

GHSA-H6WW-X4XV-2VJ2

Vulnerability from github – Published: 2022-05-04 00:27 – Updated: 2022-05-04 00:27

Details

The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc//mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-0056"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-01-27T15:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/\u003cpid\u003e/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.",
  "id": "GHSA-h6ww-x4xv-2vj2",
  "modified": "2022-05-04T00:27:49Z",
  "published": "2022-05-04T00:27:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0056"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2012:0052"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2012:0061"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2012-0056"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=782642"
    },
    {
      "type": "WEB",
      "url": "http://blog.zx2c4.com/749"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=e268337dfe26dfc7efd422a804dbb27977a3cccc"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/47708"
    },
    {
      "type": "WEB",
      "url": "http://ubuntu.com/usn/usn-1336-1"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/470151"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/01/18/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/01/18/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/01/19/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/01/22/4"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2012-0052.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2012-0061.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/51625"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2012-0056

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-0056

Aliases

CVE-2012-0056

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-0056",
    "description": "The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/\u003cpid\u003e/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.",
    "id": "GSD-2012-0056",
    "references": [
      "https://www.suse.com/security/cve/CVE-2012-0056.html",
      "https://access.redhat.com/errata/RHSA-2012:0061",
      "https://access.redhat.com/errata/RHSA-2012:0052",
      "https://linux.oracle.com/cve/CVE-2012-0056.html",
      "https://packetstormsecurity.com/files/cve/CVE-2012-0056"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-0056"
      ],
      "details": "The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/\u003cpid\u003e/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.",
      "id": "GSD-2012-0056",
      "modified": "2023-12-13T01:20:13.347497Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2012-0056",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/\u003cpid\u003e/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2",
            "refsource": "MISC",
            "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2"
          },
          {
            "name": "http://blog.zx2c4.com/749",
            "refsource": "MISC",
            "url": "http://blog.zx2c4.com/749"
          },
          {
            "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=e268337dfe26dfc7efd422a804dbb27977a3cccc",
            "refsource": "MISC",
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=e268337dfe26dfc7efd422a804dbb27977a3cccc"
          },
          {
            "name": "http://secunia.com/advisories/47708",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/47708"
          },
          {
            "name": "http://ubuntu.com/usn/usn-1336-1",
            "refsource": "MISC",
            "url": "http://ubuntu.com/usn/usn-1336-1"
          },
          {
            "name": "http://www.kb.cert.org/vuls/id/470151",
            "refsource": "MISC",
            "url": "http://www.kb.cert.org/vuls/id/470151"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2012/01/18/1",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2012/01/18/1"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2012/01/18/2",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2012/01/18/2"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2012/01/19/4",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2012/01/19/4"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2012/01/22/4",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2012/01/22/4"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2012-0052.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2012-0052.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2012-0061.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2012-0061.html"
          },
          {
            "name": "http://www.securityfocus.com/bid/51625",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/51625"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=782642",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=782642"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.2.2",
                "versionStartIncluding": "3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.0.18",
                "versionStartIncluding": "2.6.39",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-0056"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/\u003cpid\u003e/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "47708",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://secunia.com/advisories/47708"
            },
            {
              "name": "USN-1336-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://ubuntu.com/usn/usn-1336-1"
            },
            {
              "name": "RHSA-2012:0052",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2012-0052.html"
            },
            {
              "name": "[oss-security] 20120122 Re: CVE request: kernel: proc: clean up and fix /proc/\u003cpid\u003e/mem handling",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/01/22/4"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=782642",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=782642"
            },
            {
              "name": "[oss-security] 20120118 CVE request: kernel: proc: clean up and fix /proc/\u003cpid\u003e/mem handling",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/01/18/1"
            },
            {
              "name": "[oss-security] 20120119 Re: CVE request: kernel: proc: clean up and fix /proc/\u003cpid\u003e/mem handling",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/01/19/4"
            },
            {
              "name": "RHSA-2012:0061",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2012-0061.html"
            },
            {
              "name": "51625",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/51625"
            },
            {
              "name": "http://blog.zx2c4.com/749",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://blog.zx2c4.com/749"
            },
            {
              "name": "[oss-security] 20120117 Re: CVE request: kernel: proc: clean up and fix /proc/\u003cpid\u003e/mem handling",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/01/18/2"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2"
            },
            {
              "name": "VU#470151",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/470151"
            },
            {
              "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=e268337dfe26dfc7efd422a804dbb27977a3cccc",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=e268337dfe26dfc7efd422a804dbb27977a3cccc"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-07-27T15:21Z",
      "publishedDate": "2012-01-27T15:55Z"
    }
  }
}

FKIE_CVE-2012-0056

Vulnerability from fkie_nvd - Published: 2012-01-27 15:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://blog.zx2c4.com/749	Third Party Advisory
secalert@redhat.com	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=e268337dfe26dfc7efd422a804dbb27977a3cccc	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/47708	Broken Link
secalert@redhat.com	http://ubuntu.com/usn/usn-1336-1	Third Party Advisory
secalert@redhat.com	http://www.kb.cert.org/vuls/id/470151	Third Party Advisory, US Government Resource
secalert@redhat.com	http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2	Vendor Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/01/18/1	Mailing List, Third Party Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/01/18/2	Mailing List, Third Party Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/01/19/4	Mailing List, Third Party Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/01/22/4	Mailing List, Third Party Advisory
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2012-0052.html	Third Party Advisory
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2012-0061.html	Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/51625	Third Party Advisory, VDB Entry
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=782642	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://blog.zx2c4.com/749	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=e268337dfe26dfc7efd422a804dbb27977a3cccc	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/47708	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://ubuntu.com/usn/usn-1336-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/470151	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/01/18/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/01/18/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/01/19/4	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/01/22/4	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2012-0052.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2012-0061.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/51625	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=782642	Issue Tracking, Third Party Advisory

Impacted products

	Vendor	Product	Version
	linux	linux_kernel	*
	linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "86B2C115-07AE-4EC0-AB16-5C92A8E0467B",
              "versionEndExcluding": "3.0.18",
              "versionStartIncluding": "2.6.39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "650F5839-D928-4B29-9E0B-246A4C0CC0D5",
              "versionEndExcluding": "3.2.2",
              "versionStartIncluding": "3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/\u003cpid\u003e/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n mem_write en el kernel de Linux anterior a versi\u00f3n 3.2.2, cuando ASLR est\u00e1 deshabilitado, no comprueba apropiadamente los permisos al escribir en /proc/(pid)/mem, lo que permite a los usuarios locales alcanzar privilegios al modificar la memoria del proceso, como es demostrado por Mempodipper ."
    }
  ],
  "id": "CVE-2012-0056",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-01-27T15:55:04.813",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://blog.zx2c4.com/749"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=e268337dfe26dfc7efd422a804dbb27977a3cccc"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/47708"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://ubuntu.com/usn/usn-1336-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/470151"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/01/18/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/01/18/2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/01/19/4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/01/22/4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2012-0052.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2012-0061.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/51625"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=782642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://blog.zx2c4.com/749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=e268337dfe26dfc7efd422a804dbb27977a3cccc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/47708"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://ubuntu.com/usn/usn-1336-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/470151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/01/18/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/01/18/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/01/19/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/01/22/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2012-0052.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2012-0061.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/51625"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=782642"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-0056 (GCVE-0-2012-0056)

CERTFR-2021-AVI-669

Solution

CERTA-2012-AVI-034

Description

Solution

GHSA-H6WW-X4XV-2VJ2

GSD-2012-0056

FKIE_CVE-2012-0056

Tags

Sightings

Nomenclature