CVE-2012-2123

Published: 19 April 2012

The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.

From the Ubuntu security team

Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier.

Status

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2123
• http://www.openwall.com/lists/oss-security/2012/04/20/6
• https://ubuntu.com/security/notices/USN-1445-1
• https://ubuntu.com/security/notices/USN-1448-1
• https://ubuntu.com/security/notices/USN-1452-1
• https://ubuntu.com/security/notices/USN-1453-1
• https://ubuntu.com/security/notices/USN-1455-1
• https://ubuntu.com/security/notices/USN-1457-1
• https://ubuntu.com/security/notices/USN-1459-1
• https://ubuntu.com/security/notices/USN-1460-1
• https://ubuntu.com/security/notices/USN-1470-1
• https://ubuntu.com/security/notices/USN-1530-1
• NVD
• Launchpad
• Debian

Bugs

• https://bugzilla.redhat.com/show_bug.cgi?id=806722
• https://launchpad.net/bugs/987571