Fedora Linux Support Community & Resources Center

Home Forums Posting Rules Linux Help Fedora Set-Up Guides Ask Fedora Fedora Project
Go Back   FedoraForum.org > Fedora 17/18 > Security and Privacy
Reload this Page [SOLVED] mempodipper / CVE-2012-0056 / linux local root exploit: how to patch?
FedoraForum Search
Forgot Password? Join Us!
Register All Albums FAQ Search Today's Posts Mark Forums Read

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 9th February 2012, 01:28 AM
m1boli Offline
Registered User
  
Join Date: Sep 2010
Posts: 11
linuxopera
mempodipper / CVE-2012-0056 / linux local root exploit: how to patch?
Is there a patch or another way to protect against the mempodipper / CVE-2012-0056 / linux local root exploit?

I can delete gpasswd, but I suspect there are other binaries that can exploit the vulnerability.

The current Fedora 15 root is: 2.6.49-10.3. It is vulnerable.
Reply With Quote
  #2  
Old 9th February 2012, 02:42 AM
leigh123linux's Avatar
leigh123linux Offline
Retired Administrator
  
Join Date: Oct 2006
Posts: 21,509
linuxfirefox
Re: mempodipper / CVE-2012-0056 / linux local root exploit: how to patch?
Quote:
Originally Posted by m1boli View Post
Is there a patch or another way to protect against the mempodipper / CVE-2012-0056 / linux local root exploit?

I can delete gpasswd, but I suspect there are other binaries that can exploit the vulnerability.

The current Fedora 15 root is: 2.6.49-10.3. It is vulnerable.
Why?, it was patched weeks ago
Didn't you read the kernel changelogs?

https://koji.fedoraproject.org/koji/...buildID=298201


Quote:
* Wed Jan 18 2012 Josh Boyer <jwboyer@redhat.com> 2.6.41.10-1
- Linux 3.1.10 - /proc/pid/* information leak (rhbz 782686)

* Wed Jan 18 2012 Dennis Gilmore <dennis@ausil.us>
- build perf on armv7hl

* Wed Jan 18 2012 Josh Boyer <jwboyer@redhat.com>
- CVE-2012-0056 proc: clean up and fix /proc/<pid>/mem (rhbz 782681)
- loop: prevent information leak after failed read (rhbz 782687)
Reply With Quote
  #3  
Old 9th February 2012, 03:00 AM
m1boli Offline
Registered User
  
Join Date: Sep 2010
Posts: 11
linuxopera
Re: mempodipper / CVE-2012-0056 / linux local root exploit: how to patch?
Yes, I saw the Fedora Update Notification, which said it fixed this bug.

It seems the problem is that I had not rebooted yet since downloading this version of the kernel.

Oof. My mistake.
Last edited by m1boli; 9th February 2012 at 03:02 AM.
Reply With Quote
Reply

Tags
cve, exploit, linux, local, mempodipper, patch, root

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Free, Native Linux Games with Great Graphics 2012 CreamCorn Gamers' Lounge 9 17th January 2012 12:32 AM
What Linux Will Look Like In 2012 Wayne Linux Chat 5 15th August 2008 07:23 PM
Root exploit in Fedora RupertPupkin Security and Privacy 86 17th February 2008 06:42 AM
nVIDIA users: Be ware! Local Root exploit in binary Driver! Thetargos Linux Chat 10 18th October 2006 08:16 AM


Current GMT-time: 17:10 (Monday, 20-05-2013)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.
Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

 FedoraForum is Powered by RedHat