CVE-2012-2123

Common Vulnerabilities and Exposures

Upstream information

CVE-2012-2123 at MITRE

Description

The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.

NVD CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 758260

SUSE Security Advisories:

List of released packages

Product(s) | Fixed package version(s) | References
SLE 11 SERVER Unsupported Extras
  • kernel-default-extra >= 2.6.32.59-0.7.1
  • kernel-xen-extra >= 2.6.32.59-0.7.1
Builds
SAT Patch Nr: 6552
SLE 11 SERVER Unsupported Extras
  • kernel-default-extra >= 2.6.32.59-0.7.1
Builds
SAT Patch Nr: 6554
SUSE Linux Enterprise High Availability Extension 11 SP1
  • cluster-network-kmp-default >= 1.4_2.6.32.59_0.7-2.5.60
  • cluster-network-kmp-ppc64 >= 1.4_2.6.32.59_0.7-2.5.60
  • cluster-network-kmp-trace >= 1.4_2.6.32.59_0.7-2.5.60
  • gfs2-kmp-default >= 2_2.6.32.59_0.7-0.2.106
  • gfs2-kmp-ppc64 >= 2_2.6.32.59_0.7-0.2.106
  • gfs2-kmp-trace >= 2_2.6.32.59_0.7-0.2.106
  • ocfs2-kmp-default >= 1.6_2.6.32.59_0.7-0.4.2.60
  • ocfs2-kmp-ppc64 >= 1.6_2.6.32.59_0.7-0.4.2.60
  • ocfs2-kmp-trace >= 1.6_2.6.32.59_0.7-0.4.2.60
Builds
SAT Patch Nr: 6549
SUSE Linux Enterprise Server 11 SP1
  • btrfs-kmp-default >= 0_2.6.32.59_0.7-0.3.107
  • ext4dev-kmp-default >= 0_2.6.32.59_0.7-7.9.74
  • ext4dev-kmp-ppc64 >= 0_2.6.32.59_0.7-7.9.74
  • ext4dev-kmp-trace >= 0_2.6.32.59_0.7-7.9.74
  • kernel-default >= 2.6.32.59-0.7.1
  • kernel-default-base >= 2.6.32.59-0.7.1
  • kernel-default-devel >= 2.6.32.59-0.7.1
  • kernel-ppc64 >= 2.6.32.59-0.7.1
  • kernel-ppc64-base >= 2.6.32.59-0.7.1
  • kernel-ppc64-devel >= 2.6.32.59-0.7.1
  • kernel-source >= 2.6.32.59-0.7.1
  • kernel-syms >= 2.6.32.59-0.7.1
  • kernel-trace >= 2.6.32.59-0.7.1
  • kernel-trace-base >= 2.6.32.59-0.7.1
  • kernel-trace-devel >= 2.6.32.59-0.7.1
Builds
SAT Patch Nr: 6549
SUSE Linux Enterprise High Availability Extension 11 SP1
  • cluster-network-kmp-default >= 1.4_2.6.32.59_0.7-2.5.60
  • cluster-network-kmp-pae >= 1.4_2.6.32.59_0.7-2.5.60
  • cluster-network-kmp-trace >= 1.4_2.6.32.59_0.7-2.5.60
  • cluster-network-kmp-xen >= 1.4_2.6.32.59_0.7-2.5.60
  • gfs2-kmp-default >= 2_2.6.32.59_0.7-0.2.106
  • gfs2-kmp-pae >= 2_2.6.32.59_0.7-0.2.106
  • gfs2-kmp-trace >= 2_2.6.32.59_0.7-0.2.106
  • gfs2-kmp-xen >= 2_2.6.32.59_0.7-0.2.106
  • ocfs2-kmp-default >= 1.6_2.6.32.59_0.7-0.4.2.60
  • ocfs2-kmp-pae >= 1.6_2.6.32.59_0.7-0.4.2.60
  • ocfs2-kmp-trace >= 1.6_2.6.32.59_0.7-0.4.2.60
  • ocfs2-kmp-xen >= 1.6_2.6.32.59_0.7-0.4.2.60
Builds
SAT Patch Nr: 6547
SUSE Linux Enterprise Desktop 11 SP1
  • btrfs-kmp-default >= 0_2.6.32.59_0.7-0.3.107
  • btrfs-kmp-pae >= 0_2.6.32.59_0.7-0.3.107
  • btrfs-kmp-xen >= 0_2.6.32.59_0.7-0.3.107
  • hyper-v-kmp-default >= 0_2.6.32.59_0.7-0.18.20
  • hyper-v-kmp-pae >= 0_2.6.32.59_0.7-0.18.20
  • kernel-default >= 2.6.32.59-0.7.1
  • kernel-default-base >= 2.6.32.59-0.7.1
  • kernel-default-devel >= 2.6.32.59-0.7.1
  • kernel-default-extra >= 2.6.32.59-0.7.1
  • kernel-desktop-devel >= 2.6.32.59-0.7.1
  • kernel-pae >= 2.6.32.59-0.7.1
  • kernel-pae-base >= 2.6.32.59-0.7.1
  • kernel-pae-devel >= 2.6.32.59-0.7.1
  • kernel-pae-extra >= 2.6.32.59-0.7.1
  • kernel-source >= 2.6.32.59-0.7.1
  • kernel-syms >= 2.6.32.59-0.7.1
  • kernel-trace-devel >= 2.6.32.59-0.7.1
  • kernel-xen >= 2.6.32.59-0.7.1
  • kernel-xen-base >= 2.6.32.59-0.7.1
  • kernel-xen-devel >= 2.6.32.59-0.7.1
  • kernel-xen-extra >= 2.6.32.59-0.7.1
Builds
SAT Patch Nr: 6547
SUSE Linux Enterprise Server 11 SP1 for VMware
  • btrfs-kmp-default >= 0_2.6.32.59_0.7-0.3.107
  • btrfs-kmp-pae >= 0_2.6.32.59_0.7-0.3.107
  • ext4dev-kmp-default >= 0_2.6.32.59_0.7-7.9.74
  • ext4dev-kmp-pae >= 0_2.6.32.59_0.7-7.9.74
  • ext4dev-kmp-trace >= 0_2.6.32.59_0.7-7.9.74
  • hyper-v-kmp-default >= 0_2.6.32.59_0.7-0.18.20
  • hyper-v-kmp-pae >= 0_2.6.32.59_0.7-0.18.20
  • hyper-v-kmp-trace >= 0_2.6.32.59_0.7-0.18.20
  • kernel-default >= 2.6.32.59-0.7.1
  • kernel-default-base >= 2.6.32.59-0.7.1
  • kernel-default-devel >= 2.6.32.59-0.7.1
  • kernel-pae >= 2.6.32.59-0.7.1
  • kernel-pae-base >= 2.6.32.59-0.7.1
  • kernel-pae-devel >= 2.6.32.59-0.7.1
  • kernel-source >= 2.6.32.59-0.7.1
  • kernel-syms >= 2.6.32.59-0.7.1
  • kernel-trace >= 2.6.32.59-0.7.1
  • kernel-trace-base >= 2.6.32.59-0.7.1
  • kernel-trace-devel >= 2.6.32.59-0.7.1
Builds
SAT Patch Nr: 6547
SUSE Linux Enterprise Server 11 SP1
  • btrfs-kmp-default >= 0_2.6.32.59_0.7-0.3.107
  • btrfs-kmp-pae >= 0_2.6.32.59_0.7-0.3.107
  • btrfs-kmp-xen >= 0_2.6.32.59_0.7-0.3.107
  • ext4dev-kmp-default >= 0_2.6.32.59_0.7-7.9.74
  • ext4dev-kmp-pae >= 0_2.6.32.59_0.7-7.9.74
  • ext4dev-kmp-trace >= 0_2.6.32.59_0.7-7.9.74
  • ext4dev-kmp-xen >= 0_2.6.32.59_0.7-7.9.74
  • hyper-v-kmp-default >= 0_2.6.32.59_0.7-0.18.20
  • hyper-v-kmp-pae >= 0_2.6.32.59_0.7-0.18.20
  • hyper-v-kmp-trace >= 0_2.6.32.59_0.7-0.18.20
  • kernel-default >= 2.6.32.59-0.7.1
  • kernel-default-base >= 2.6.32.59-0.7.1
  • kernel-default-devel >= 2.6.32.59-0.7.1
  • kernel-ec2 >= 2.6.32.59-0.7.1
  • kernel-ec2-base >= 2.6.32.59-0.7.1
  • kernel-ec2-devel >= 2.6.32.59-0.7.1
  • kernel-pae >= 2.6.32.59-0.7.1
  • kernel-pae-base >= 2.6.32.59-0.7.1
  • kernel-pae-devel >= 2.6.32.59-0.7.1
  • kernel-source >= 2.6.32.59-0.7.1
  • kernel-syms >= 2.6.32.59-0.7.1
  • kernel-trace >= 2.6.32.59-0.7.1
  • kernel-trace-base >= 2.6.32.59-0.7.1
  • kernel-trace-devel >= 2.6.32.59-0.7.1
  • kernel-xen >= 2.6.32.59-0.7.1
  • kernel-xen-base >= 2.6.32.59-0.7.1
  • kernel-xen-devel >= 2.6.32.59-0.7.1
Builds
SAT Patch Nr: 6547
SLE 11 SERVER Unsupported Extras
  • kernel-default-extra >= 2.6.32.59-0.7.1
  • kernel-ppc64-extra >= 2.6.32.59-0.7.1
Builds
SAT Patch Nr: 6553
SUSE Linux Enterprise High Availability Extension 11 SP1
  • cluster-network-kmp-default >= 1.4_2.6.32.59_0.7-2.5.60
  • cluster-network-kmp-trace >= 1.4_2.6.32.59_0.7-2.5.60
  • gfs2-kmp-default >= 2_2.6.32.59_0.7-0.2.106
  • gfs2-kmp-trace >= 2_2.6.32.59_0.7-0.2.106
  • ocfs2-kmp-default >= 1.6_2.6.32.59_0.7-0.4.2.60
  • ocfs2-kmp-trace >= 1.6_2.6.32.59_0.7-0.4.2.60
Builds
SAT Patch Nr: 6556
SUSE Linux Enterprise Server 11 SP1
  • btrfs-kmp-default >= 0_2.6.32.59_0.7-0.3.107
  • ext4dev-kmp-default >= 0_2.6.32.59_0.7-7.9.74
  • ext4dev-kmp-trace >= 0_2.6.32.59_0.7-7.9.74
  • kernel-default >= 2.6.32.59-0.7.1
  • kernel-default-base >= 2.6.32.59-0.7.1
  • kernel-default-devel >= 2.6.32.59-0.7.1
  • kernel-source >= 2.6.32.59-0.7.1
  • kernel-syms >= 2.6.32.59-0.7.1
  • kernel-trace >= 2.6.32.59-0.7.1
  • kernel-trace-base >= 2.6.32.59-0.7.1
  • kernel-trace-devel >= 2.6.32.59-0.7.1
Builds
SAT Patch Nr: 6556
SUSE Linux Enterprise Real Time 11 SP1
  • brocade-bna-kmp-rt >= 2.1.0.0_2.6.33.20_rt31_0.5-0.2.52
  • cluster-network-kmp-rt >= 1.4_2.6.33.20_rt31_0.5-2.5.62
  • cluster-network-kmp-rt_trace >= 1.4_2.6.33.20_rt31_0.5-2.5.62
  • drbd-kmp-rt >= 8.3.11_2.6.33.20_rt31_0.5-0.3.62
  • drbd-kmp-rt_trace >= 8.3.11_2.6.33.20_rt31_0.5-0.3.62
  • iscsitarget-kmp-rt >= 1.4.19_2.6.33.20_rt31_0.5-0.9.11.38
  • kernel-rt >= 2.6.33.20-0.5.1
  • kernel-rt-base >= 2.6.33.20-0.5.1
  • kernel-rt-devel >= 2.6.33.20-0.5.1
  • kernel-rt_trace >= 2.6.33.20-0.5.1
  • kernel-rt_trace-base >= 2.6.33.20-0.5.1
  • kernel-rt_trace-devel >= 2.6.33.20-0.5.1
  • kernel-source-rt >= 2.6.33.20-0.5.1
  • kernel-syms-rt >= 2.6.33.20-0.5.1
  • ocfs2-kmp-rt >= 1.6_2.6.33.20_rt31_0.5-0.4.2.62
  • ocfs2-kmp-rt_trace >= 1.6_2.6.33.20_rt31_0.5-0.4.2.62
  • ofed-kmp-rt >= 1.5.2_2.6.33.20_rt31_0.5-0.9.13.49
slert11-sp1.x86-64
SAT Patch Nr: 6677
SUSE Linux Enterprise High Availability Extension 11 SP1
  • cluster-network-kmp-default >= 1.4_2.6.32.59_0.7-2.5.60
  • cluster-network-kmp-trace >= 1.4_2.6.32.59_0.7-2.5.60
  • cluster-network-kmp-xen >= 1.4_2.6.32.59_0.7-2.5.60
  • gfs2-kmp-default >= 2_2.6.32.59_0.7-0.2.106
  • gfs2-kmp-trace >= 2_2.6.32.59_0.7-0.2.106
  • gfs2-kmp-xen >= 2_2.6.32.59_0.7-0.2.106
  • ocfs2-kmp-default >= 1.6_2.6.32.59_0.7-0.4.2.60
  • ocfs2-kmp-trace >= 1.6_2.6.32.59_0.7-0.4.2.60
  • ocfs2-kmp-xen >= 1.6_2.6.32.59_0.7-0.4.2.60
Builds
SAT Patch Nr: 6548
SUSE Linux Enterprise Desktop 11 SP1
  • btrfs-kmp-default >= 0_2.6.32.59_0.7-0.3.107
  • btrfs-kmp-xen >= 0_2.6.32.59_0.7-0.3.107
  • hyper-v-kmp-default >= 0_2.6.32.59_0.7-0.18.20
  • kernel-default >= 2.6.32.59-0.7.1
  • kernel-default-base >= 2.6.32.59-0.7.1
  • kernel-default-devel >= 2.6.32.59-0.7.1
  • kernel-default-extra >= 2.6.32.59-0.7.1
  • kernel-desktop-devel >= 2.6.32.59-0.7.1
  • kernel-source >= 2.6.32.59-0.7.1
  • kernel-syms >= 2.6.32.59-0.7.1
  • kernel-trace-devel >= 2.6.32.59-0.7.1
  • kernel-xen >= 2.6.32.59-0.7.1
  • kernel-xen-base >= 2.6.32.59-0.7.1
  • kernel-xen-devel >= 2.6.32.59-0.7.1
  • kernel-xen-extra >= 2.6.32.59-0.7.1
Builds
SAT Patch Nr: 6548
SUSE Linux Enterprise Server 11 SP1 for VMware
  • btrfs-kmp-default >= 0_2.6.32.59_0.7-0.3.107
  • ext4dev-kmp-default >= 0_2.6.32.59_0.7-7.9.74
  • ext4dev-kmp-trace >= 0_2.6.32.59_0.7-7.9.74
  • hyper-v-kmp-default >= 0_2.6.32.59_0.7-0.18.20
  • hyper-v-kmp-trace >= 0_2.6.32.59_0.7-0.18.20
  • kernel-default >= 2.6.32.59-0.7.1
  • kernel-default-base >= 2.6.32.59-0.7.1
  • kernel-default-devel >= 2.6.32.59-0.7.1
  • kernel-source >= 2.6.32.59-0.7.1
  • kernel-syms >= 2.6.32.59-0.7.1
  • kernel-trace >= 2.6.32.59-0.7.1
  • kernel-trace-base >= 2.6.32.59-0.7.1
  • kernel-trace-devel >= 2.6.32.59-0.7.1
Builds
SAT Patch Nr: 6548
SUSE Linux Enterprise Server 11 SP1
  • btrfs-kmp-default >= 0_2.6.32.59_0.7-0.3.107
  • btrfs-kmp-xen >= 0_2.6.32.59_0.7-0.3.107
  • ext4dev-kmp-default >= 0_2.6.32.59_0.7-7.9.74
  • ext4dev-kmp-trace >= 0_2.6.32.59_0.7-7.9.74
  • ext4dev-kmp-xen >= 0_2.6.32.59_0.7-7.9.74
  • hyper-v-kmp-default >= 0_2.6.32.59_0.7-0.18.20
  • hyper-v-kmp-trace >= 0_2.6.32.59_0.7-0.18.20
  • kernel-default >= 2.6.32.59-0.7.1
  • kernel-default-base >= 2.6.32.59-0.7.1
  • kernel-default-devel >= 2.6.32.59-0.7.1
  • kernel-ec2 >= 2.6.32.59-0.7.1
  • kernel-ec2-base >= 2.6.32.59-0.7.1
  • kernel-ec2-devel >= 2.6.32.59-0.7.1
  • kernel-source >= 2.6.32.59-0.7.1
  • kernel-syms >= 2.6.32.59-0.7.1
  • kernel-trace >= 2.6.32.59-0.7.1
  • kernel-trace-base >= 2.6.32.59-0.7.1
  • kernel-trace-devel >= 2.6.32.59-0.7.1
  • kernel-xen >= 2.6.32.59-0.7.1
  • kernel-xen-base >= 2.6.32.59-0.7.1
  • kernel-xen-devel >= 2.6.32.59-0.7.1
Builds
SAT Patch Nr: 6548
SLE 11 SERVER Unsupported Extras
  • kernel-default-extra >= 2.6.32.59-0.7.1
  • kernel-pae-extra >= 2.6.32.59-0.7.1
  • kernel-xen-extra >= 2.6.32.59-0.7.1
Builds
SAT Patch Nr: 6551
SLE 11 SERVER Unsupported Extras
  • kernel-default-extra >= 2.6.32.59-0.7.1
Builds
SAT Patch Nr: 6555
SUSE Linux Enterprise High Availability Extension 11 SP1
  • cluster-network-kmp-default >= 1.4_2.6.32.59_0.7-2.5.60
  • cluster-network-kmp-trace >= 1.4_2.6.32.59_0.7-2.5.60
  • gfs2-kmp-default >= 2_2.6.32.59_0.7-0.2.106
  • gfs2-kmp-trace >= 2_2.6.32.59_0.7-0.2.106
  • ocfs2-kmp-default >= 1.6_2.6.32.59_0.7-0.4.2.60
  • ocfs2-kmp-trace >= 1.6_2.6.32.59_0.7-0.4.2.60
Builds
SAT Patch Nr: 6550
SUSE Linux Enterprise Server 11 SP1
  • btrfs-kmp-default >= 0_2.6.32.59_0.7-0.3.107
  • ext4dev-kmp-default >= 0_2.6.32.59_0.7-7.9.74
  • ext4dev-kmp-trace >= 0_2.6.32.59_0.7-7.9.74
  • kernel-default >= 2.6.32.59-0.7.1
  • kernel-default-base >= 2.6.32.59-0.7.1
  • kernel-default-devel >= 2.6.32.59-0.7.1
  • kernel-default-man >= 2.6.32.59-0.7.1
  • kernel-source >= 2.6.32.59-0.7.1
  • kernel-syms >= 2.6.32.59-0.7.1
  • kernel-trace >= 2.6.32.59-0.7.1
  • kernel-trace-base >= 2.6.32.59-0.7.1
  • kernel-trace-devel >= 2.6.32.59-0.7.1
Builds
SAT Patch Nr: 6550

© 2014 Novell