NVD Vulnerability Detail

CVE-2012-1568

Summary	The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protection mechanism by leveraging a predictable base address for one of these libraries.
Publication Date	March 1, 2013, 2:40 p.m.
Registration Date	Jan. 28, 2021, 2:55 p.m.
Last Update	Nov. 21, 2024, 10:37 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:16:::::::*
cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:5:::::::*
cpe:2.3:o:fedoraproject:fedora:15:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://openwall.com/lists/oss-security/2012/03/21/3
2	http://openwall.com/lists/oss-security/2012/03/21/3
3	http://scarybeastsecurity.blogspot.com/2012/03/some-random-observations-on-linux-aslr.html
4	http://scarybeastsecurity.blogspot.com/2012/03/some-random-observations-on-linux-aslr.html
5	http://www.openwall.com/lists/oss-security/2012/03/20/4
6	http://www.openwall.com/lists/oss-security/2012/03/20/4
7	https://bugzilla.redhat.com/show_bug.cgi?id=804947
8	https://bugzilla.redhat.com/show_bug.cgi?id=804947
9	https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=302a4fc15aebf202b6dffd6c804377c6058ee6e4
10	https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=302a4fc15aebf202b6dffd6c804377c6058ee6e4

Common Vulnerabilities List

JVN Vulnerability Information

Red Hat Enterprise Linux および Fedora における ASLR 保護メカニズムを回避される脆弱性

Title	Red Hat Enterprise Linux および Fedora における ASLR 保護メカニズムを回避される脆弱性
Summary	Red Hat Enterprise Linux (RHEL) および Fedora の Linux Kernel に対する特定の Red Hat パッチ内の ExecShield 機能は、32-bit 実行ファイルによる多数の共有ライブラリの使用を適切に処理しないため、ASLR 保護メカニズムを回避される脆弱性が存在します。
Possible impacts	攻撃者により、当該のライブラリの 1 つに予測可能なベースアドレスが利用されることで、ASLR 保護メカニズムを回避される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	March 15, 2012, midnight
Registration Date	March 4, 2013, 4:04 p.m.
Last Update	March 4, 2013, 4:04 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux Desktop 6

Red Hat Enterprise Linux HPC Node 6

Red Hat Enterprise Linux Server 6

Red Hat Enterprise Linux Workstation 6

Fedora Project

Fedora 15

Fedora 16

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-1568	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1568
National Vulnerability Database (NVD)
2	CVE-2012-1568	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1568

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
Fedora Update Notification
1	FEDORA-2012-3715	http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076584.html
2	FEDORA-2012-4410	http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076375.html
Oracle
3	[mm] x86_32: randomize SHLIB_BASE (Aristeu Rozanski) [804955 804956] {CVE-2012-1568}	https://oss.oracle.com/git/?p=redpatch.git;a=commit;h=302a4fc15aebf202b6dffd6c804377c6058ee6e4
Red Hat Bugzilla
4	Bug 804947	https://bugzilla.redhat.com/show_bug.cgi?id=804947
Red Hat Security Advisory
5	RHSA-2012:1426	https://rhn.redhat.com/errata/RHSA-2012-1426.html
6	RHSA-2013:0168	https://rhn.redhat.com/errata/RHSA-2013-0168.html

Change Log

No	Changed Details	Date of change
0	[2013年03月04日] 掲載	Feb. 17, 2018, 10:37 a.m.