[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-0055Date: (C)2020-02-20   (M)2024-02-22


OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.8CVSS Score : 7.2
Exploit Score: 1.8Exploit Score: 3.9
Impact Score: 5.9Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: LOCAL
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: NONE
User Interaction: NONEConfidentiality: COMPLETE
Scope: UNCHANGEDIntegrity: COMPLETE
Confidentiality: HIGHAvailability: COMPLETE
Integrity: HIGH 
Availability: HIGH 
  
Reference:
http://www.openwall.com/lists/oss-security/2012/01/17/11
http://www.ubuntu.com/usn/USN-1363-1
http://www.ubuntu.com/usn/USN-1364-1
http://www.ubuntu.com/usn/USN-1384-1
https://access.redhat.com/security/cve/cve-2012-0055
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/915941
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-0055

CPE    3
cpe:/o:linux:linux_kernel
cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:11.10
CWE    1
CWE-862
OVAL    3
oval:org.secpod.oval:def:700761
oval:org.secpod.oval:def:700762
oval:org.secpod.oval:def:700798

© SecPod Technologies