Main Vulnerability Database SB2012050402

SB2012050402 - Arbitrary code execution in Linux kernel

Published: May 4, 2012 Updated: March 16, 2017

Security Bulletin ID SB2012050402

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2012-2319)

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow in the driver within HFS plus filesystem. By using a specially crafted Hierarchical File System (HFS) filesystem, a local attacker can trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Remediation

Install update from vendor's website.

References

https://www.kernel.org/