Ubuntu
linux package

local root escalation via /proc/pid/mem

Bug #918898 reported by Kees Cook on 2012-01-19

This bug report is a duplicate of: Bug #919115: CVE-2012-0056. Edit Remove

258

This bug affects 1 person

	Status	Importance	Assigned to
linux (Ubuntu)	Confirmed	Undecided	Unassigned
Hardy	Invalid	Undecided	Unassigned
Lucid	Invalid	Undecided	Unassigned
Maverick	Invalid	Undecided	Unassigned
Natty	Invalid	Undecided	Unassigned
Oneiric	Confirmed	Undecided	Unassigned
Precise	Confirmed	Undecided	Unassigned

Bug Description

Since 2.6.39-rc1 (after 198214a7ee50375fa71a65e518341980cfd4b2f0), /proc/pid/mem can be used to write program memory. Under specific situations, this can be manipulated by a local attacker to gain control of setuid programs. Upstream fix is e268337dfe26dfc7efd422a804dbb27977a3cccc.

A the moment, the fix is public, but the severity and mechanics of the issue are less public.

Kees Cook (kees) on 2012-01-19

Changed in linux (Ubuntu Hardy):
status:	New → Invalid
Changed in linux (Ubuntu Lucid):
status:	New → Invalid
Changed in linux (Ubuntu Maverick):
status:	New → Invalid
Changed in linux (Ubuntu Natty):
status:	New → Invalid
Changed in linux (Ubuntu Oneiric):
status:	New → Confirmed
Changed in linux (Ubuntu Precise):
status:	New → Confirmed

Marc Deslauriers (mdeslaur) on 2012-12-17

information type:

Private Security → Public Security

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicate of bug #919115 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

local root escalation via /proc/pid/mem

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
linux package