
U-086: Linux Kernel "/proc/<pid>/mem" Privilege Escalation Vulnerability

January 23, 2012 - 9:00am


PROBLEM:

Linux Kernel "/proc/<pid>/mem" Privilege Escalation Vulnerability.

PLATFORM:

Linux Kernel 2.6.x

ABSTRACT:

A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges.

REFERENCE LINKS:

Linux Kernel Update
CVE-2012-0056
Red Hat Bugzilla Bug 782642

IMPACT ASSESSMENT:

Medium

Discussion:

The vulnerability is caused by the kernel not properly restricting access to the "/proc/<pid>/mem" file, which can be exploited to gain escalated privileges, e.g. by writing into the memory of a privileged process.

Impact:

A local, unprivileged user could use this flaw to escalate their privileges.

Solution:

Fixed in the GIT repository.
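
The Discussion above attributes the flaw to insufficiently restricted access to a process's "mem" file under /proc. The following Python is an added example, not part of the original bulletin: it correlates auditd SYSCALL and PATH records and reports successful write-mode opens of that file by non-root users. It assumes x86_64 syscall numbers and that open/openat syscall auditing is enabled; the log lines are constructed samples.

```python
import re

# Constructed auditd records (not from a real host). Assumption: a syscall
# audit rule covers open/openat, so each event has SYSCALL and PATH records.
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1327312800.101:501): arch=c000003e syscall=2 success=yes exit=3 a0=7ffd10 a1=2 a2=0 pid=4242 uid=1000 euid=1000 comm="demo" exe="/home/user/demo"
type=PATH msg=audit(1327312800.101:501): item=0 name="/proc/4242/mem" inode=9001
type=SYSCALL msg=audit(1327312801.202:502): arch=c000003e syscall=2 success=yes exit=4 a0=7ffd20 a1=0 a2=0 pid=4300 uid=1000 euid=1000 comm="cat" exe="/bin/cat"
type=PATH msg=audit(1327312801.202:502): item=0 name="/proc/4300/mem" inode=9002
type=SYSCALL msg=audit(1327312802.303:503): arch=c000003e syscall=2 success=yes exit=5 a0=7ffd30 a1=2 a2=0 pid=4400 uid=0 euid=0 comm="gdb" exe="/usr/bin/gdb"
type=PATH msg=audit(1327312802.303:503): item=0 name="/proc/77/mem" inode=9003
type=SYSCALL msg=audit(1327312803.404:504): arch=c000003e syscall=2 success=yes exit=3 a0=7ffd40 a1=1 a2=0 pid=4500 uid=1000 euid=1000 comm="sh" exe="/bin/sh"
type=PATH msg=audit(1327312803.404:504): item=0 name="/tmp/out.txt" inode=9004
'''

EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PROC_MEM = re.compile(r"^/proc/(\d+|self)/mem$")
FLAGS_ARG = {"2": "a1", "257": "a2"}  # x86_64: open(2) and openat(2) flag argument
O_ACCMODE, O_RDONLY = 3, 0

def find_proc_mem_writes(log_text):
    """Return (event_id, uid, exe, path) for non-root write-mode opens of a proc mem file."""
    events = {}
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        events.setdefault(m.group(1), {}).setdefault(fields.get("type"), []).append(fields)
    hits = []
    for event_id, recs in events.items():
        paths = [p["name"] for p in recs.get("PATH", []) if PROC_MEM.match(p.get("name", ""))]
        for sc in recs.get("SYSCALL", []):
            arg = FLAGS_ARG.get(sc.get("syscall"))
            if arg is None or sc.get("success") != "yes":
                continue
            mode = int(sc.get(arg, "0"), 16) & O_ACCMODE  # audit logs syscall args in hex
            # The bulletin concerns unprivileged users, so root (uid 0) is skipped.
            if paths and mode != O_RDONLY and sc.get("uid") != "0":
                hits.append((event_id, sc["uid"], sc["exe"], paths[0]))
    return hits

if __name__ == "__main__":
    for hit in find_proc_mem_writes(SAMPLE_LOG):
        print(hit)
```

Debuggers and tracing tools can open the same file for writing, so a hit is a triage lead to review, not proof of exploitation.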
