Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2745

Overview

Vulnerability Score 4.7 4.7
CVE Id CVE-2012-2745
Last Modified 18 Apr 2013 11:22:22
Published 09 Aug 2012 06:29:47
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2745

Summary

The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call.

Vulnerable Systems

Operating System

  • Linux Kernel 3.3

  • Linux Kernel 3.3.1


References

CONFIRM - https://github.com/torvalds/linux/commit/79549c6dfda0603dba9a70a53467ce62d9335c33

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=833428

CONFIRM - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.2

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=79549c6dfda0603dba9a70a53467ce62d9335c33

REDHAT - RHSA-2012:1064

UBUNTU - USN-1567-1

UBUNTU - USN-1606-1

UBUNTU - USN-1597-1

BID - 54365

SECUNIA - 50853

SECTRACK - 1027236

SECUNIA - 50961

SECUNIA - 50633

Related Patches

Novell SUSE 2012:6923 kernel security update for SLE 11 SP2 i586

Novell SUSE 2012:6926 kernel security update for SLE 11 SP2 x86_64


Last Updated: 27 May 2016 10:53:35