Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability CVE-2012-0056

Linux kernel: memory corruption via /proc/pid/mem

Synthesis of the vulnerability

A local attacker can use /proc/$pid/mem, in order to change the memory of a process, and to elevate his privileges.
Severity: 2/4.
Creation date: 18/01/2012.
Revisions dates: 20/01/2012, 23/01/2012.

Impacted products

Description of the vulnerability

The /proc/$pid/mem file is used to access to the memory of a process. A user can read /proc/$pid/mem, in order to read the memory of the $pid process, but he should not be allowed to write into the memory.

The mem_write() function of the fs/proc/base.c file was commented, so users were not allowed to alter the memory by writing to /proc/$pid/mem. However, in march 2011 (2.6.39), the mem_write() function was uncommented. Since this change, a user can thus modify the memory of a running process. If the attacker choses a privileged process (suid root), he can thus gain elevated privileges.

A local attacker can therefore use /proc/$pid/mem, in order to change the memory of a process, and to elevate his privileges.

Share this bulletin

Delicious Digg Facebook Google bookmarks LinkedIn Mail Reddit StumbleUpon Technorati Twitter Yahoo 

Complete Vigil@nce bulletin

Linux kernel: memory corruption via /proc/pid/mem

Characteristics

Title: Linux kernel: memory corruption via /proc/pid/mem.
Keywords: 2011 Linux corruption kernel mem_write memory proc.
Identifiers: BID-51625, CERTA-2012-AVI-034, CVE-2012-0056, FEDORA-2012-0861, FEDORA-2012-0876, RHSA-2012:0052-01, RHSA-2012:0061-01, VIGILANCE-VUL-11300, VU#470151.

Information sources

Publications and announces
Source example: proc: clean up and fix /proc/<pid>/mem handling

Solutions for this vulnerability

Patch or workaround

Supplements

Attack

Exploit 0day or proof of concept

Attack

Exploit 0day or proof of concept

Attack

Exploit 0day or proof of concept

Vulnerability detection : test.c

Publications and announces
Source example: Does CVE-2012-0056 affect Red Hat Enterprise Linux and Red Hat Enterprise MRG?

Computer vulnerabilities tracking service

Vigil@nce provides a computers vulnerabilities database. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.



















Copyright 1999-2012 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française