Linux Kernel ASLR Security Bypass Weakness
BID:52687
Info
| Bugtraq ID: | 52687 |
| Class: | Design Error |
| CVE: | CVE-2012-1568 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 22 2012 12:00AM |
| Updated: | Apr 13 2015 09:44PM |
| Credit: | Chris Evans |
| Not Vulnerable: | |

Vulnerable:
- Red Hat Enterprise Linux Workstation Optional 6
- Red Hat Enterprise Linux Workstation 6
- Red Hat Enterprise Linux Server Optional 6
- Red Hat Enterprise Linux Server 6
- Red Hat Enterprise Linux HPC Node Optional 6
- Red Hat Enterprise Linux HPC Node 6
- Red Hat Enterprise Linux Desktop Optional 6
- Red Hat Enterprise Linux Desktop 6
- Red Hat Enterprise Linux Desktop 5 client
- Red Hat Enterprise Linux 5 Server
- Oracle Enterprise Linux 6.2
- Oracle Enterprise Linux 6
- Oracle Enterprise Linux 5
- OpenVZ Project OpenVZ 042stab055.10
- OpenVZ Project OpenVZ 042stab053.5
- OpenVZ Project OpenVZ 042stab049.6
- OpenVZ Project OpenVZ 042stab044.17
- OpenVZ Project OpenVZ 042stab044.11
- OpenVZ Project OpenVZ 042stab039.10
- OpenVZ Project OpenVZ 042stab037.1
- OpenVZ Project OpenVZ 028stab098.1
- OpenVZ Project OpenVZ 028stab095.1
- OpenVZ Project OpenVZ 028stab092.2
- OpenVZ Project OpenVZ 028stab091.1
- OpenVZ Project OpenVZ 028stab089.1
- OpenVZ Project OpenVZ 028stab085.2
- OpenVZ Project OpenVZ 028stab081.1
- CentOS CentOS 6
- CentOS CentOS 5
- Avaya Voice Portal 5.1.2
- Avaya Voice Portal 5.1.1
- Avaya Voice Portal 5.1 SP1
- Avaya Voice Portal 5.1
- Avaya Voice Portal 5.0 SP2
- Avaya Voice Portal 5.0 SP1
- Avaya Voice Portal 5.0
- Avaya Proactive Contact 5.0
- Avaya Meeting Exchange 6.0
- Avaya IQ 5.2
- Avaya IQ 5.1.1
- Avaya IQ 5.1
- Avaya IQ 5
- Avaya IP Office Application Server 8.1
- Avaya Conferencing Standard Edition 6.0 SP1
- Avaya Conferencing Standard Edition 6.0
- Avaya Communication Server 1000M Signaling Server 7.5
- Avaya Communication Server 1000M Signaling Server 7.0
- Avaya Communication Server 1000M Signaling Server 6.0
- Avaya Communication Server 1000M 7.5
- Avaya Communication Server 1000M 7.0
- Avaya Communication Server 1000M 6.0
- Avaya Communication Server 1000E Signaling Server 7.5
- Avaya Communication Server 1000E Signaling Server 7.0
- Avaya Communication Server 1000E Signaling Server 6.0
- Avaya Communication Server 1000E 7.5
- Avaya Communication Server 1000E 7.0
- Avaya Communication Server 1000E 6.0
- Avaya Aura System Platform 6.0.2
- Avaya Aura System Platform 6.0.1
- Avaya Aura System Platform 6.0 SP3
- Avaya Aura System Platform 6.0 SP2
- Avaya Aura System Platform 6.0
- Avaya Aura System Platform 1.1
- Avaya Aura System Manager 6.2
- Avaya Aura System Manager 6.1.3
- Avaya Aura System Manager 6.1.2
- Avaya Aura System Manager 6.1.1
- Avaya Aura System Manager 6.1 SP2
- Avaya Aura System Manager 6.1 Sp1
- Avaya Aura System Manager 6.1
- Avaya Aura System Manager 6.0 SP1
- Avaya Aura System Manager 6.0
- Avaya Aura System Manager 5.2
- Avaya Aura SIP Enablement Services 5.2.1
- Avaya Aura SIP Enablement Services 5.2
- Avaya Aura Session Manager 6.2.1
- Avaya Aura Session Manager 6.1.3
- Avaya Aura Session Manager 6.1.2
- Avaya Aura Session Manager 6.1.1
- Avaya Aura Session Manager 6.2
- Avaya Aura Session Manager 6.1 SP2
- Avaya Aura Session Manager 6.1 Sp1
- Avaya Aura Session Manager 6.1
- Avaya Aura Session Manager 6.0 SP1
- Avaya Aura Session Manager 6.0
- Avaya Aura Session Manager 5.2 SP2
- Avaya Aura Session Manager 5.2 SP1
- Avaya Aura Session Manager 5.2
- Avaya Aura Session Manager 1.1
- Avaya Aura Session Manager 1.0
- Avaya Aura Presence Services 6.1.1
- Avaya Aura Presence Services 6.1
- Avaya Aura Presence Services 6.0
- Avaya Aura Messaging 6.1
- Avaya Aura Messaging 6.0.1
- Avaya Aura Messaging 6.0
- Avaya Aura Experience Portal 6.0
- Avaya Aura Conferencing 6.0 Standard
- Avaya Aura Communication Manager Utility Services 6.2
- Avaya Aura Communication Manager Utility Services 6.1
- Avaya Aura Communication Manager Utility Services 6.0
- Avaya Aura Communication Manager 6.0.1
- Avaya Aura Communication Manager 6.0
- Avaya Aura Communication Manager 5.2
- Avaya Aura Application Server 5300 SIP Core 2.1
- Avaya Aura Application Server 5300 SIP Core 2.0
- Avaya Aura Application Enablement Services 5.2.1
- Avaya Aura Application Enablement Services 6.1.1
- Avaya Aura Application Enablement Services 6.1
- Avaya Aura Application Enablement Services 5.2.3
- Avaya Aura Application Enablement Services 5.2.2
- Avaya Aura Application Enablement Services 5.2
Discussion
The Linux kernel is prone to a security-bypass weakness that may cause a library to use a predictable base address.
This weakness may allow attackers to predict the base address of a library in certain circumstances and in turn bypass Address Space Layout Randomization (ASLR) protection mechanisms of applications. This may aid in further attacks that may lead to arbitrary code execution.
The issue is fixed in Fedora Linux Kernel 3.3.0-4.fc16.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- Bug 804947 - (CVE-2012-1568) CVE-2012-1568 kernel: execshield: predictable ascii (Red Hat)
- Red Hat Homepage (Red Hat)
- Some random observations on Linux ASLR (Chris Evans)