#VU92771 Missing authorization in Linux kernel - CVE-2012-0055
Published: February 19, 2020 / Updated: June 20, 2024
Vulnerability identifier: #VU92771
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2012-0055
CWE-ID: CWE-862
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to execute arbitrary code.
OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.
Remediation
Install update from vendor's repository.
External links
- http://www.openwall.com/lists/oss-security/2012/01/17/11
- http://www.ubuntu.com/usn/USN-1363-1
- http://www.ubuntu.com/usn/USN-1364-1
- http://www.ubuntu.com/usn/USN-1384-1
- https://access.redhat.com/security/cve/cve-2012-0055
- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/915941
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-0055