Ubuntu

CVE-2012-2745

Reported by John Johansen on 2012-07-11
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Low
Unassigned
Nominated for Raring by John Johansen
Hardy
Low
Unassigned
Lucid
Low
Tim Gardner
Natty
Low
Tim Gardner
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-armadaxp (Ubuntu)
Low
Unassigned
Nominated for Raring by John Johansen
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-ec2 (Ubuntu)
Low
Unassigned
Nominated for Raring by John Johansen
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-fsl-imx51 (Ubuntu)
Low
Unassigned
Nominated for Raring by John Johansen
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-lts-backport-maverick (Ubuntu)
Low
Unassigned
Nominated for Raring by John Johansen
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-lts-backport-natty (Ubuntu)
Low
Unassigned
Nominated for Raring by John Johansen
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-lts-backport-oneiric (Ubuntu)
Low
Unassigned
Nominated for Raring by John Johansen
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-mvl-dove (Ubuntu)
Low
Unassigned
Nominated for Raring by John Johansen
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-ti-omap4 (Ubuntu)
Low
Unassigned
Nominated for Raring by John Johansen
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned

Bug Description

The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call.

Break-Fix: ee18d64c1f632043a02e6f5ba5e045bb26a5465f 79549c6dfda0603dba9a70a53467ce62d9335c33

John Johansen (jjohansen) wrote :

CVE-2012-2745

tags: added: kernel-cve-tracking-bug
security vulnerability: no → yes
Changed in linux-armadaxp (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Hardy):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Natty):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Natty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Natty):
importance: Undecided → Low
Changed in linux (Ubuntu Precise):
importance: Undecided → Low
Changed in linux (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Natty):
importance: Undecided → Low
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux (Ubuntu Quantal):
status: New → Invalid
Changed in linux (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
Tim Gardner (timg-tpi) on 2012-09-05
Changed in linux (Ubuntu Lucid):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Changed in linux (Ubuntu Natty):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Tim Gardner (timg-tpi) on 2012-09-05
Changed in linux (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Natty):
status: In Progress → Fix Committed
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.38-16.67

---------------
linux (2.6.38-16.67) natty-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1045383

  [ Upstream Kernel Changes ]

  * rds: set correct msg_namelen
    - LP: #1031112
    - CVE-2012-3430
  * eCryptfs: Initialize empty lower files when opening them
    - LP: #911507
  * net: Allow driver to limit number of GSO segments per skb
    - LP: #1037456
    - CVE-2012-3412
  * tcp: do not scale TSO segment size with reordering degree
    - LP: #1037456
    - CVE-2012-3412
  * tcp: Apply device TSO segment limit earlier
    - LP: #1037456
    - CVE-2012-3412
  * sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE
    - LP: #1037456
    - CVE-2012-3412
  * sfc: Fix maximum number of TSO segments and minimum TX queue size
    - LP: #1037456
    - CVE-2012-3412
  * mm: Hold a file reference in madvise_remove
    - LP: #1042447
    - CVE-2012-3511
  * cred: copy_process() should clear child->replacement_session_keyring
    - LP: #1023535
    - CVE-2012-2745
 -- Luis Henriques <email address hidden> Thu, 06 Sep 2012 09:25:21 +0100

Changed in linux (Ubuntu Natty):
status: Fix Committed → Fix Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-backport-natty - 2.6.38-16.67~lucid1

---------------
linux-lts-backport-natty (2.6.38-16.67~lucid1) lucid-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1047350

  [ Upstream Kernel Changes ]

  * rds: set correct msg_namelen
    - LP: #1031112
    - CVE-2012-3430
  * eCryptfs: Initialize empty lower files when opening them
    - LP: #911507
  * net: Allow driver to limit number of GSO segments per skb
    - LP: #1037456
    - CVE-2012-3412
  * tcp: do not scale TSO segment size with reordering degree
    - LP: #1037456
    - CVE-2012-3412
  * tcp: Apply device TSO segment limit earlier
    - LP: #1037456
    - CVE-2012-3412
  * sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE
    - LP: #1037456
    - CVE-2012-3412
  * sfc: Fix maximum number of TSO segments and minimum TX queue size
    - LP: #1037456
    - CVE-2012-3412
  * mm: Hold a file reference in madvise_remove
    - LP: #1042447
    - CVE-2012-3511
  * cred: copy_process() should clear child->replacement_session_keyring
    - LP: #1023535
    - CVE-2012-2745
 -- Luis Henriques <email address hidden> Fri, 07 Sep 2012 14:15:51 +0100

Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Ike Panhc (ikepanhc) wrote :

Patch ee18d64c1f632043a02e6f5ba5e045bb26a5465f and 79549c6dfda0603dba9a70a53467ce62d9335c33 already in upstream 3.5

Changed in linux-armadaxp (Ubuntu Quantal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ec2 - 2.6.32-349.55

---------------
linux-ec2 (2.6.32-349.55) lucid-proposed; urgency=low

  [ Stefan Bader ]

  * Revert "SAUCE: EC2: Backport changes to limit GSO segments"
    - LP: #1037456
    - CVE-2012-3412
  * Rebased to Ubuntu-2.6.32-44.98
  * Release Tracking Bug
    - LP: #1056081

  [ Ubuntu: 2.6.32-44.98 ]

  * SAUCE: drm/vmwgfx: add MODULE_DEVICE_TABLE so vmwgfx loads at boot
    - LP: #1039157
  * Revert "sfc: Fix maximum number of TSO segments and minimum TX queue
    size"
    - LP: #1037456
    - CVE-2012-3412
  * Revert "sfc: Replace some literal constants with
    EFX_PAGE_SIZE/EFX_BUF_SIZE"
    - LP: #1037456
    - CVE-2012-3412
  * Revert "tcp: Apply device TSO segment limit earlier"
    - LP: #1037456
    - CVE-2012-3412
  * Revert "tcp: do not scale TSO segment size with reordering degree"
    - LP: #1037456
    - CVE-2012-3412
  * Revert "net: Allow driver to limit number of GSO segments per skb"
    - LP: #1037456
    - CVE-2012-3412
  * cred: copy_process() should clear child->replacement_session_keyring
    - LP: #1023535
    - CVE-2012-2745
  * KVM: Change irq routing table to use gsi indexed array
    - LP: #1016298
    - CVE-2012-2137
  * KVM: Fix buffer overflow in kvm_set_irq()
    - LP: #1016298
    - CVE-2012-2137
  * xen: just completely disable XSAVE
    - LP: #1044550
  * xen: Allow PV-OPS kernel to detect whether XSAVE is supported
    - LP: #1044550
  * sfc: Fix maximum number of TSO segments and minimum TX queue size
    - LP: #1037456
    - CVE-2012-3412
 -- Stefan Bader <email address hidden> Fri, 28 Sep 2012 15:24:48 +0200

Changed in linux-ec2 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-44.98

---------------
linux (2.6.32-44.98) lucid-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1055438

  [ Dave Airlie ]

  * SAUCE: drm/vmwgfx: add MODULE_DEVICE_TABLE so vmwgfx loads at boot
    - LP: #1039157

  [ Upstream Kernel Changes ]

  * Revert "sfc: Fix maximum number of TSO segments and minimum TX queue
    size"
    - LP: #1037456
    - CVE-2012-3412
  * Revert "sfc: Replace some literal constants with
    EFX_PAGE_SIZE/EFX_BUF_SIZE"
    - LP: #1037456
    - CVE-2012-3412
  * Revert "tcp: Apply device TSO segment limit earlier"
    - LP: #1037456
    - CVE-2012-3412
  * Revert "tcp: do not scale TSO segment size with reordering degree"
    - LP: #1037456
    - CVE-2012-3412
  * Revert "net: Allow driver to limit number of GSO segments per skb"
    - LP: #1037456
    - CVE-2012-3412
  * cred: copy_process() should clear child->replacement_session_keyring
    - LP: #1023535
    - CVE-2012-2745
  * KVM: Change irq routing table to use gsi indexed array
    - LP: #1016298
    - CVE-2012-2137
  * KVM: Fix buffer overflow in kvm_set_irq()
    - LP: #1016298
    - CVE-2012-2137
  * xen: just completely disable XSAVE
    - LP: #1044550
  * xen: Allow PV-OPS kernel to detect whether XSAVE is supported
    - LP: #1044550
  * sfc: Fix maximum number of TSO segments and minimum TX queue size
    - LP: #1037456
    - CVE-2012-3412
 -- Tim Gardner <email address hidden> Thu, 06 Sep 2012 11:20:13 -0400

Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: Fix Committed → Fix Released
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. natty has reached EOL
(End of Life) for this package and is no longer supported. As
a result, this bug against natty is being marked "Won't Fix".
Please see https://wiki.ubuntu.com/Releases for currently
supported Ubuntu releases.

Please feel free to report any other bugs you may find.

Changed in linux-ti-omap4 (Ubuntu Natty):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers