ID CVE-2012-1568
Summary The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protection mechanism by leveraging a predictable base address for one of these libraries.
References
Vulnerable Configurations
  • cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
CVSS
Base: 1.9 (as of 22-04-2019 - 17:48)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:L/AC:M/Au:N/C:N/I:P/A:N
redhat via4
rpms
  • kernel-0:2.6.32-279.14.1.el6
  • kernel-bootwrapper-0:2.6.32-279.14.1.el6
  • kernel-debug-0:2.6.32-279.14.1.el6
  • kernel-debug-debuginfo-0:2.6.32-279.14.1.el6
  • kernel-debug-devel-0:2.6.32-279.14.1.el6
  • kernel-debuginfo-0:2.6.32-279.14.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-279.14.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-279.14.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-279.14.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-279.14.1.el6
  • kernel-devel-0:2.6.32-279.14.1.el6
  • kernel-doc-0:2.6.32-279.14.1.el6
  • kernel-firmware-0:2.6.32-279.14.1.el6
  • kernel-headers-0:2.6.32-279.14.1.el6
  • kernel-kdump-0:2.6.32-279.14.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-279.14.1.el6
  • kernel-kdump-devel-0:2.6.32-279.14.1.el6
  • perf-0:2.6.32-279.14.1.el6
  • perf-debuginfo-0:2.6.32-279.14.1.el6
  • python-perf-0:2.6.32-279.14.1.el6
  • python-perf-debuginfo-0:2.6.32-279.14.1.el6
  • kernel-0:2.6.18-348.1.1.el5
  • kernel-PAE-0:2.6.18-348.1.1.el5
  • kernel-PAE-debuginfo-0:2.6.18-348.1.1.el5
  • kernel-PAE-devel-0:2.6.18-348.1.1.el5
  • kernel-debug-0:2.6.18-348.1.1.el5
  • kernel-debug-debuginfo-0:2.6.18-348.1.1.el5
  • kernel-debug-devel-0:2.6.18-348.1.1.el5
  • kernel-debuginfo-0:2.6.18-348.1.1.el5
  • kernel-debuginfo-common-0:2.6.18-348.1.1.el5
  • kernel-devel-0:2.6.18-348.1.1.el5
  • kernel-doc-0:2.6.18-348.1.1.el5
  • kernel-headers-0:2.6.18-348.1.1.el5
  • kernel-kdump-0:2.6.18-348.1.1.el5
  • kernel-kdump-debuginfo-0:2.6.18-348.1.1.el5
  • kernel-kdump-devel-0:2.6.18-348.1.1.el5
  • kernel-xen-0:2.6.18-348.1.1.el5
  • kernel-xen-debuginfo-0:2.6.18-348.1.1.el5
  • kernel-xen-devel-0:2.6.18-348.1.1.el5
refmap via4
confirm
misc http://scarybeastsecurity.blogspot.com/2012/03/some-random-observations-on-linux-aslr.html
mlist
  • [oss-security] 20120320 Re: CVE request -- kernel: execshield: predictable ascii armour base address
  • [oss-security] 20120321 Re: CVE request -- kernel: execshield: predictable ascii armour base address
Last major update 22-04-2019 - 17:48
Published 01-03-2013 - 05:40
Last modified 22-04-2019 - 17:48
Back to Top