Details of CVE-2012-0028 fixed in Bug 771764

Solution Verified

Environment

  • Red Hat Enterprise Linux 5 Update 5
  • Architecture: x86
  • Kernel Version: 2.6.18-194.el5

Issue

Description of Problem:
A customer needs to know details of CVE-2012-0028 which
is described in the Advisory RHSA-2012:0107 as follows:

----
* A flaw was found in the way the Linux kernel handled
robust list pointers of user-space held futexes across
exec() calls. A local, unprivileged user could use this
flaw to cause a denial of service or, eventually,
escalate their privileges. (CVE-2012-0028, Important)
----

Please answer the following questions:

Q1) What kind of attack can be expected from this
vulnerability and how to do it?
Q2) Can the attack be done through the network?
Or local user only?
Q3) Can we detect whether the system was attacked or
not by this vulnerability, from syslog or anything
else?
Q4) Is there any bug report of real attacks using the
CVE-2012-0028 vulnerability?

Resolution

Q1) What kind of attack can be expected from this vulnerability and how to do it?
Local denial of service, or privilege escalation.

Detailed information, including the steps to reproduce the issue, can be
found at:
https://bugzilla.redhat.com/show_bug.cgi?id=771764#c4

Q2) Can the attack be done through the network? Or local user only?
Local user only.

Q3) Can we detect whether the system was attacked or not by this vulnerability, from syslog or anything else?
There is no publicly circulated exploit for this issue, nor do we
have a standalone test case for it. We do have the steps necessary to
reproduce the issue, but I would not depend on them as a measure to detect
whether the system was attacked using this flaw.

Q4) Is there any bug report of real attacks using the CVE-2012-0028 vulnerability?
This has been addressed in Red Hat Enterprise Linux 5 by
https://access.redhat.com/errata/RHSA-2012:0107
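
A host is only protected by the erratum once a fixed kernel is both installed and booted. The script below is an added example, not part of the original article or of Red Hat tooling, that reports which state a host is in. It assumes that a kernel build carrying the backported fix names the CVE in its RPM changelog; `BOOT_DIR` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Red Hat tooling). Assumption: a kernel build carrying the
# backported fix names the CVE in its RPM changelog.
CVE_ID="CVE-2012-0028"
BOOT_DIR=${BOOT_DIR:-/boot}   # overridable so the logic can be tested offline

# Succeeds if the changelog of package $1 mentions the CVE.
pkg_has_fix() {
    rpm -q --changelog "$1" 2>/dev/null | grep -q "$CVE_ID"
}

# Prints running-fixed, reboot-needed, not-fixed or unknown.
# $1 (optional) is the kernel release to treat as booted; default: uname -r.
kernel_fix_status() {
    release=${1:-$(uname -r)}
    # Resolve the booted image to its owning package (covers PAE/xen variants).
    running_pkg=$(rpm -qf "$BOOT_DIR/vmlinuz-$release" 2>/dev/null) || {
        echo unknown
        return 0
    }
    if pkg_has_fix "$running_pkg"; then
        echo running-fixed
        return 0
    fi
    # Booted kernel lacks the fix: is a fixed kernel installed but not booted?
    for img in "$BOOT_DIR"/vmlinuz-*; do
        [ -e "$img" ] || continue
        pkg=$(rpm -qf "$img" 2>/dev/null) || continue
        if pkg_has_fix "$pkg"; then
            echo reboot-needed
            return 0
        fi
    done
    echo not-fixed
}

kernel_fix_status "$@"
```

A result of `reboot-needed` means the update was applied but the vulnerable kernel is still the one running.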
