Vulnerability Name: | CVE-2012-1568 (CCN-74291) | ||||||||||||||||||||||||||||||||
Assigned: | 2012-03-17 | ||||||||||||||||||||||||||||||||
Published: | 2012-03-17 | ||||||||||||||||||||||||||||||||
Updated: | 2023-02-13 | ||||||||||||||||||||||||||||||||
Summary: | The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protection mechanism by leveraging a predictable base address for one of these libraries. | ||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N) 1.4 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
1.4 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Bypass Security | ||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2012-1568 Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: RHSA-2012-1426 Moderate: kernel security and bug fix update Source: CCN Type: RHSA-2013-0168 Moderate: kernel security and bug fix update Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: The Linux Kernel Archives Web site The Linux Kernel Archives Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: BID-52687 Linux Kernel ASLR Security Bypass Weakness Source: CCN Type: Red Hat Bugzilla Bug 804947 CVE-2012-1568 kernel: execshield: predictable ascii armour base address Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: XF Type: UNKNOWN linux-aslr-security-bypass(74291) Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com | ||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||
BACK |