CVE-2012-2123

Severity

72%

Complexity

39%

Confidentiality

165%

The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.

The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 12 years ago

2012-05-17 11:00:00

Last updated 7 years ago

2017-12-29 02:29:00

Affected Software

Linux Kernel

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d52fc5dde171f030170a6cb78034d166b13c9445

RHSA-2012:0670

RHSA-2012:0743

DSA-2469

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.3

[oss-security] 20120419 Re: CVE request: kernel: fcaps: clear the same personality flags as suid when fcaps are used

53166

1027072

https://bugzilla.redhat.com/show_bug.cgi?id=806722

linux-kernel-fcaps-sec-bypass(75043)

https://github.com/torvalds/linux/commit/d52fc5dde171f030170a6cb78034d166b13c9445

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.