CVE-2012-2123

Common Vulnerabilities and Exposures

Upstream information

CVE-2012-2123 at MITRE

Description

The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.

NVD CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 758260

SUSE Security Advisories:

openSUSE-SU-2012:0781-1, published Fri, 22 Jun 2012 11:08:29 +0200 (CEST)
openSUSE-SU-2012:0799-1, published Thu, 28 Jun 2012 10:08:31 +0200 (CEST)
openSUSE-SU-2012:0812-1, published Tue, 3 Jul 2012 14:08:26 +0200 (CEST)
openSUSE-SU-2012:1439-1, published Mon, 5 Nov 2012 10:09:03 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
SLE 11 SERVER Unsupported Extras	`kernel-default-extra >= 2.6.32.59-0.7.1` `kernel-xen-extra >= 2.6.32.59-0.7.1`	Builds SAT Patch Nr: 6552
SLE 11 SERVER Unsupported Extras	`kernel-default-extra >= 2.6.32.59-0.7.1`	Builds SAT Patch Nr: 6554
SLE 11 SP1 DEBUGINFO	`kernel-default-debuginfo >= 2.6.32.59-0.7.1` `kernel-default-debugsource >= 2.6.32.59-0.7.1` `kernel-ppc64-debuginfo >= 2.6.32.59-0.7.1` `kernel-ppc64-debugsource >= 2.6.32.59-0.7.1` `kernel-trace-debuginfo >= 2.6.32.59-0.7.1` `kernel-trace-debugsource >= 2.6.32.59-0.7.1`	Builds SAT Patch Nr: 6549
SUSE Linux Enterprise High Availability Extension 11 SP1	`cluster-network-kmp-default >= 1.4_2.6.32.59_0.7-2.5.60` `cluster-network-kmp-ppc64 >= 1.4_2.6.32.59_0.7-2.5.60` `cluster-network-kmp-trace >= 1.4_2.6.32.59_0.7-2.5.60` `gfs2-kmp-default >= 2_2.6.32.59_0.7-0.2.106` `gfs2-kmp-ppc64 >= 2_2.6.32.59_0.7-0.2.106` `gfs2-kmp-trace >= 2_2.6.32.59_0.7-0.2.106` `ocfs2-kmp-default >= 1.6_2.6.32.59_0.7-0.4.2.60` `ocfs2-kmp-ppc64 >= 1.6_2.6.32.59_0.7-0.4.2.60` `ocfs2-kmp-trace >= 1.6_2.6.32.59_0.7-0.4.2.60`	Builds SAT Patch Nr: 6549
SUSE Linux Enterprise Server 11 SP1	`btrfs-kmp-default >= 0_2.6.32.59_0.7-0.3.107` `ext4dev-kmp-default >= 0_2.6.32.59_0.7-7.9.74` `ext4dev-kmp-ppc64 >= 0_2.6.32.59_0.7-7.9.74` `ext4dev-kmp-trace >= 0_2.6.32.59_0.7-7.9.74` `kernel-default >= 2.6.32.59-0.7.1` `kernel-default-base >= 2.6.32.59-0.7.1` `kernel-default-devel >= 2.6.32.59-0.7.1` `kernel-ppc64 >= 2.6.32.59-0.7.1` `kernel-ppc64-base >= 2.6.32.59-0.7.1` `kernel-ppc64-devel >= 2.6.32.59-0.7.1` `kernel-source >= 2.6.32.59-0.7.1` `kernel-syms >= 2.6.32.59-0.7.1` `kernel-trace >= 2.6.32.59-0.7.1` `kernel-trace-base >= 2.6.32.59-0.7.1` `kernel-trace-devel >= 2.6.32.59-0.7.1`	Builds SAT Patch Nr: 6549
SLE 11 SP1 DEBUGINFO	`kernel-default-debuginfo >= 2.6.32.59-0.7.1` `kernel-default-debugsource >= 2.6.32.59-0.7.1` `kernel-ec2-debuginfo >= 2.6.32.59-0.7.1` `kernel-ec2-debugsource >= 2.6.32.59-0.7.1` `kernel-pae-debuginfo >= 2.6.32.59-0.7.1` `kernel-pae-debugsource >= 2.6.32.59-0.7.1` `kernel-trace-debuginfo >= 2.6.32.59-0.7.1` `kernel-trace-debugsource >= 2.6.32.59-0.7.1` `kernel-xen-debuginfo >= 2.6.32.59-0.7.1` `kernel-xen-debugsource >= 2.6.32.59-0.7.1`	Builds SAT Patch Nr: 6547
SUSE Linux Enterprise High Availability Extension 11 SP1	`cluster-network-kmp-default >= 1.4_2.6.32.59_0.7-2.5.60` `cluster-network-kmp-pae >= 1.4_2.6.32.59_0.7-2.5.60` `cluster-network-kmp-trace >= 1.4_2.6.32.59_0.7-2.5.60` `cluster-network-kmp-xen >= 1.4_2.6.32.59_0.7-2.5.60` `gfs2-kmp-default >= 2_2.6.32.59_0.7-0.2.106` `gfs2-kmp-pae >= 2_2.6.32.59_0.7-0.2.106` `gfs2-kmp-trace >= 2_2.6.32.59_0.7-0.2.106` `gfs2-kmp-xen >= 2_2.6.32.59_0.7-0.2.106` `ocfs2-kmp-default >= 1.6_2.6.32.59_0.7-0.4.2.60` `ocfs2-kmp-pae >= 1.6_2.6.32.59_0.7-0.4.2.60` `ocfs2-kmp-trace >= 1.6_2.6.32.59_0.7-0.4.2.60` `ocfs2-kmp-xen >= 1.6_2.6.32.59_0.7-0.4.2.60`	Builds SAT Patch Nr: 6547
SUSE Linux Enterprise Desktop 11 SP1	`btrfs-kmp-default >= 0_2.6.32.59_0.7-0.3.107` `btrfs-kmp-pae >= 0_2.6.32.59_0.7-0.3.107` `btrfs-kmp-xen >= 0_2.6.32.59_0.7-0.3.107` `hyper-v-kmp-default >= 0_2.6.32.59_0.7-0.18.20` `hyper-v-kmp-pae >= 0_2.6.32.59_0.7-0.18.20` `kernel-default >= 2.6.32.59-0.7.1` `kernel-default-base >= 2.6.32.59-0.7.1` `kernel-default-devel >= 2.6.32.59-0.7.1` `kernel-default-extra >= 2.6.32.59-0.7.1` `kernel-desktop-devel >= 2.6.32.59-0.7.1` `kernel-pae >= 2.6.32.59-0.7.1` `kernel-pae-base >= 2.6.32.59-0.7.1` `kernel-pae-devel >= 2.6.32.59-0.7.1` `kernel-pae-extra >= 2.6.32.59-0.7.1` `kernel-source >= 2.6.32.59-0.7.1` `kernel-syms >= 2.6.32.59-0.7.1` `kernel-trace-devel >= 2.6.32.59-0.7.1` `kernel-xen >= 2.6.32.59-0.7.1` `kernel-xen-base >= 2.6.32.59-0.7.1` `kernel-xen-devel >= 2.6.32.59-0.7.1` `kernel-xen-extra >= 2.6.32.59-0.7.1`	Builds SAT Patch Nr: 6547
SUSE Linux Enterprise Server 11 SP1 for VMware	`btrfs-kmp-default >= 0_2.6.32.59_0.7-0.3.107` `btrfs-kmp-pae >= 0_2.6.32.59_0.7-0.3.107` `ext4dev-kmp-default >= 0_2.6.32.59_0.7-7.9.74` `ext4dev-kmp-pae >= 0_2.6.32.59_0.7-7.9.74` `ext4dev-kmp-trace >= 0_2.6.32.59_0.7-7.9.74` `hyper-v-kmp-default >= 0_2.6.32.59_0.7-0.18.20` `hyper-v-kmp-pae >= 0_2.6.32.59_0.7-0.18.20` `hyper-v-kmp-trace >= 0_2.6.32.59_0.7-0.18.20` `kernel-default >= 2.6.32.59-0.7.1` `kernel-default-base >= 2.6.32.59-0.7.1` `kernel-default-devel >= 2.6.32.59-0.7.1` `kernel-pae >= 2.6.32.59-0.7.1` `kernel-pae-base >= 2.6.32.59-0.7.1` `kernel-pae-devel >= 2.6.32.59-0.7.1` `kernel-source >= 2.6.32.59-0.7.1` `kernel-syms >= 2.6.32.59-0.7.1` `kernel-trace >= 2.6.32.59-0.7.1` `kernel-trace-base >= 2.6.32.59-0.7.1` `kernel-trace-devel >= 2.6.32.59-0.7.1`	Builds SAT Patch Nr: 6547
SUSE Linux Enterprise Server 11 SP1	`btrfs-kmp-default >= 0_2.6.32.59_0.7-0.3.107` `btrfs-kmp-pae >= 0_2.6.32.59_0.7-0.3.107` `btrfs-kmp-xen >= 0_2.6.32.59_0.7-0.3.107` `ext4dev-kmp-default >= 0_2.6.32.59_0.7-7.9.74` `ext4dev-kmp-pae >= 0_2.6.32.59_0.7-7.9.74` `ext4dev-kmp-trace >= 0_2.6.32.59_0.7-7.9.74` `ext4dev-kmp-xen >= 0_2.6.32.59_0.7-7.9.74` `hyper-v-kmp-default >= 0_2.6.32.59_0.7-0.18.20` `hyper-v-kmp-pae >= 0_2.6.32.59_0.7-0.18.20` `hyper-v-kmp-trace >= 0_2.6.32.59_0.7-0.18.20` `kernel-default >= 2.6.32.59-0.7.1` `kernel-default-base >= 2.6.32.59-0.7.1` `kernel-default-devel >= 2.6.32.59-0.7.1` `kernel-ec2 >= 2.6.32.59-0.7.1` `kernel-ec2-base >= 2.6.32.59-0.7.1` `kernel-ec2-devel >= 2.6.32.59-0.7.1` `kernel-pae >= 2.6.32.59-0.7.1` `kernel-pae-base >= 2.6.32.59-0.7.1` `kernel-pae-devel >= 2.6.32.59-0.7.1` `kernel-source >= 2.6.32.59-0.7.1` `kernel-syms >= 2.6.32.59-0.7.1` `kernel-trace >= 2.6.32.59-0.7.1` `kernel-trace-base >= 2.6.32.59-0.7.1` `kernel-trace-devel >= 2.6.32.59-0.7.1` `kernel-xen >= 2.6.32.59-0.7.1` `kernel-xen-base >= 2.6.32.59-0.7.1` `kernel-xen-devel >= 2.6.32.59-0.7.1`	Builds SAT Patch Nr: 6547
SLE 11 SERVER Unsupported Extras	`kernel-default-extra >= 2.6.32.59-0.7.1` `kernel-ppc64-extra >= 2.6.32.59-0.7.1`	Builds SAT Patch Nr: 6553
SLE 11 SP1 DEBUGINFO	`kernel-default-debuginfo >= 2.6.32.59-0.7.1` `kernel-default-debugsource >= 2.6.32.59-0.7.1` `kernel-trace-debuginfo >= 2.6.32.59-0.7.1` `kernel-trace-debugsource >= 2.6.32.59-0.7.1`	Builds SAT Patch Nr: 6556
SUSE Linux Enterprise High Availability Extension 11 SP1	`cluster-network-kmp-default >= 1.4_2.6.32.59_0.7-2.5.60` `cluster-network-kmp-trace >= 1.4_2.6.32.59_0.7-2.5.60` `gfs2-kmp-default >= 2_2.6.32.59_0.7-0.2.106` `gfs2-kmp-trace >= 2_2.6.32.59_0.7-0.2.106` `ocfs2-kmp-default >= 1.6_2.6.32.59_0.7-0.4.2.60` `ocfs2-kmp-trace >= 1.6_2.6.32.59_0.7-0.4.2.60`	Builds SAT Patch Nr: 6556
SUSE Linux Enterprise Server 11 SP1	`btrfs-kmp-default >= 0_2.6.32.59_0.7-0.3.107` `ext4dev-kmp-default >= 0_2.6.32.59_0.7-7.9.74` `ext4dev-kmp-trace >= 0_2.6.32.59_0.7-7.9.74` `kernel-default >= 2.6.32.59-0.7.1` `kernel-default-base >= 2.6.32.59-0.7.1` `kernel-default-devel >= 2.6.32.59-0.7.1` `kernel-source >= 2.6.32.59-0.7.1` `kernel-syms >= 2.6.32.59-0.7.1` `kernel-trace >= 2.6.32.59-0.7.1` `kernel-trace-base >= 2.6.32.59-0.7.1` `kernel-trace-devel >= 2.6.32.59-0.7.1`	Builds SAT Patch Nr: 6556
SUSE Linux Enterprise Real Time 11 SP1	`brocade-bna-kmp-rt >= 2.1.0.0_2.6.33.20_rt31_0.5-0.2.52` `cluster-network-kmp-rt >= 1.4_2.6.33.20_rt31_0.5-2.5.62` `cluster-network-kmp-rt_trace >= 1.4_2.6.33.20_rt31_0.5-2.5.62` `drbd-kmp-rt >= 8.3.11_2.6.33.20_rt31_0.5-0.3.62` `drbd-kmp-rt_trace >= 8.3.11_2.6.33.20_rt31_0.5-0.3.62` `iscsitarget-kmp-rt >= 1.4.19_2.6.33.20_rt31_0.5-0.9.11.38` `kernel-rt >= 2.6.33.20-0.5.1` `kernel-rt-base >= 2.6.33.20-0.5.1` `kernel-rt-devel >= 2.6.33.20-0.5.1` `kernel-rt_trace >= 2.6.33.20-0.5.1` `kernel-rt_trace-base >= 2.6.33.20-0.5.1` `kernel-rt_trace-devel >= 2.6.33.20-0.5.1` `kernel-source-rt >= 2.6.33.20-0.5.1` `kernel-syms-rt >= 2.6.33.20-0.5.1` `ocfs2-kmp-rt >= 1.6_2.6.33.20_rt31_0.5-0.4.2.62` `ocfs2-kmp-rt_trace >= 1.6_2.6.33.20_rt31_0.5-0.4.2.62` `ofed-kmp-rt >= 1.5.2_2.6.33.20_rt31_0.5-0.9.13.49`	slert11-sp1.x86-64 SAT Patch Nr: 6677
SLE 11 SP1 DEBUGINFO	`kernel-default-debuginfo >= 2.6.32.59-0.7.1` `kernel-default-debugsource >= 2.6.32.59-0.7.1` `kernel-ec2-debuginfo >= 2.6.32.59-0.7.1` `kernel-ec2-debugsource >= 2.6.32.59-0.7.1` `kernel-trace-debuginfo >= 2.6.32.59-0.7.1` `kernel-trace-debugsource >= 2.6.32.59-0.7.1` `kernel-xen-debuginfo >= 2.6.32.59-0.7.1` `kernel-xen-debugsource >= 2.6.32.59-0.7.1`	Builds SAT Patch Nr: 6548
SUSE Linux Enterprise High Availability Extension 11 SP1	`cluster-network-kmp-default >= 1.4_2.6.32.59_0.7-2.5.60` `cluster-network-kmp-trace >= 1.4_2.6.32.59_0.7-2.5.60` `cluster-network-kmp-xen >= 1.4_2.6.32.59_0.7-2.5.60` `gfs2-kmp-default >= 2_2.6.32.59_0.7-0.2.106` `gfs2-kmp-trace >= 2_2.6.32.59_0.7-0.2.106` `gfs2-kmp-xen >= 2_2.6.32.59_0.7-0.2.106` `ocfs2-kmp-default >= 1.6_2.6.32.59_0.7-0.4.2.60` `ocfs2-kmp-trace >= 1.6_2.6.32.59_0.7-0.4.2.60` `ocfs2-kmp-xen >= 1.6_2.6.32.59_0.7-0.4.2.60`	Builds SAT Patch Nr: 6548
SUSE Linux Enterprise Desktop 11 SP1	`btrfs-kmp-default >= 0_2.6.32.59_0.7-0.3.107` `btrfs-kmp-xen >= 0_2.6.32.59_0.7-0.3.107` `hyper-v-kmp-default >= 0_2.6.32.59_0.7-0.18.20` `kernel-default >= 2.6.32.59-0.7.1` `kernel-default-base >= 2.6.32.59-0.7.1` `kernel-default-devel >= 2.6.32.59-0.7.1` `kernel-default-extra >= 2.6.32.59-0.7.1` `kernel-desktop-devel >= 2.6.32.59-0.7.1` `kernel-source >= 2.6.32.59-0.7.1` `kernel-syms >= 2.6.32.59-0.7.1` `kernel-trace-devel >= 2.6.32.59-0.7.1` `kernel-xen >= 2.6.32.59-0.7.1` `kernel-xen-base >= 2.6.32.59-0.7.1` `kernel-xen-devel >= 2.6.32.59-0.7.1` `kernel-xen-extra >= 2.6.32.59-0.7.1`	Builds SAT Patch Nr: 6548
SUSE Linux Enterprise Server 11 SP1 for VMware	`btrfs-kmp-default >= 0_2.6.32.59_0.7-0.3.107` `ext4dev-kmp-default >= 0_2.6.32.59_0.7-7.9.74` `ext4dev-kmp-trace >= 0_2.6.32.59_0.7-7.9.74` `hyper-v-kmp-default >= 0_2.6.32.59_0.7-0.18.20` `hyper-v-kmp-trace >= 0_2.6.32.59_0.7-0.18.20` `kernel-default >= 2.6.32.59-0.7.1` `kernel-default-base >= 2.6.32.59-0.7.1` `kernel-default-devel >= 2.6.32.59-0.7.1` `kernel-source >= 2.6.32.59-0.7.1` `kernel-syms >= 2.6.32.59-0.7.1` `kernel-trace >= 2.6.32.59-0.7.1` `kernel-trace-base >= 2.6.32.59-0.7.1` `kernel-trace-devel >= 2.6.32.59-0.7.1`	Builds SAT Patch Nr: 6548
SUSE Linux Enterprise Server 11 SP1	`btrfs-kmp-default >= 0_2.6.32.59_0.7-0.3.107` `btrfs-kmp-xen >= 0_2.6.32.59_0.7-0.3.107` `ext4dev-kmp-default >= 0_2.6.32.59_0.7-7.9.74` `ext4dev-kmp-trace >= 0_2.6.32.59_0.7-7.9.74` `ext4dev-kmp-xen >= 0_2.6.32.59_0.7-7.9.74` `hyper-v-kmp-default >= 0_2.6.32.59_0.7-0.18.20` `hyper-v-kmp-trace >= 0_2.6.32.59_0.7-0.18.20` `kernel-default >= 2.6.32.59-0.7.1` `kernel-default-base >= 2.6.32.59-0.7.1` `kernel-default-devel >= 2.6.32.59-0.7.1` `kernel-ec2 >= 2.6.32.59-0.7.1` `kernel-ec2-base >= 2.6.32.59-0.7.1` `kernel-ec2-devel >= 2.6.32.59-0.7.1` `kernel-source >= 2.6.32.59-0.7.1` `kernel-syms >= 2.6.32.59-0.7.1` `kernel-trace >= 2.6.32.59-0.7.1` `kernel-trace-base >= 2.6.32.59-0.7.1` `kernel-trace-devel >= 2.6.32.59-0.7.1` `kernel-xen >= 2.6.32.59-0.7.1` `kernel-xen-base >= 2.6.32.59-0.7.1` `kernel-xen-devel >= 2.6.32.59-0.7.1`	Builds SAT Patch Nr: 6548
SLE 11 SERVER Unsupported Extras	`kernel-default-extra >= 2.6.32.59-0.7.1` `kernel-pae-extra >= 2.6.32.59-0.7.1` `kernel-xen-extra >= 2.6.32.59-0.7.1`	Builds SAT Patch Nr: 6551
SLE 11 SERVER Unsupported Extras	`kernel-default-extra >= 2.6.32.59-0.7.1`	Builds SAT Patch Nr: 6555
SLE 11 SP1 DEBUGINFO	`kernel-default-debuginfo >= 2.6.32.59-0.7.1` `kernel-default-debugsource >= 2.6.32.59-0.7.1` `kernel-trace-debuginfo >= 2.6.32.59-0.7.1` `kernel-trace-debugsource >= 2.6.32.59-0.7.1`	Builds SAT Patch Nr: 6550
SUSE Linux Enterprise High Availability Extension 11 SP1	`cluster-network-kmp-default >= 1.4_2.6.32.59_0.7-2.5.60` `cluster-network-kmp-trace >= 1.4_2.6.32.59_0.7-2.5.60` `gfs2-kmp-default >= 2_2.6.32.59_0.7-0.2.106` `gfs2-kmp-trace >= 2_2.6.32.59_0.7-0.2.106` `ocfs2-kmp-default >= 1.6_2.6.32.59_0.7-0.4.2.60` `ocfs2-kmp-trace >= 1.6_2.6.32.59_0.7-0.4.2.60`	Builds SAT Patch Nr: 6550
SUSE Linux Enterprise Server 11 SP1	`btrfs-kmp-default >= 0_2.6.32.59_0.7-0.3.107` `ext4dev-kmp-default >= 0_2.6.32.59_0.7-7.9.74` `ext4dev-kmp-trace >= 0_2.6.32.59_0.7-7.9.74` `kernel-default >= 2.6.32.59-0.7.1` `kernel-default-base >= 2.6.32.59-0.7.1` `kernel-default-devel >= 2.6.32.59-0.7.1` `kernel-default-man >= 2.6.32.59-0.7.1` `kernel-source >= 2.6.32.59-0.7.1` `kernel-syms >= 2.6.32.59-0.7.1` `kernel-trace >= 2.6.32.59-0.7.1` `kernel-trace-base >= 2.6.32.59-0.7.1` `kernel-trace-devel >= 2.6.32.59-0.7.1`	Builds SAT Patch Nr: 6550

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy