CVE-2012-0217 - Buffer Errors vulnerability in Freebsd

CVSS 7.2 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: local, low complexity, freebsd, illumos, joyent, xen, microsoft, citrix, netbsd, sun, CWE-119, nessus, exploit available, metasploit

Summary

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier. Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-042 'This vulnerability only affects Intel x64-based versions of Windows 7 and Windows Server 2008 R2. Systems with AMD or ARM-based CPUs are not affected by this vulnerability.'

Vulnerable Configurations

Part         Description   Count
OS           Freebsd       574
OS           Illumos       1
OS           Joyent        1
OS           Xen           34
OS           Microsoft     6
OS           Netbsd        3
OS           Sun           34
Application  Citrix        10

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Exploit-Db

  • description: Microsoft Windows Kernel Intel x64 SYSRET PoC. CVE-2012-0217. Local exploit for win64 platform
    id: EDB-ID:20861
    last seen: 2016-02-02
    modified: 2012-08-27
    published: 2012-08-27
    reporter: Shahriyar Jalayeri
    source: https://www.exploit-db.com/download/20861/
    title: Microsoft Windows Kernel Intel x64 SYSRET PoC
  • file: exploits/freebsd_x86-64/local/46508.rb
    id: EDB-ID:46508
    last seen: 2019-03-07
    modified: 2019-03-07
    platform: freebsd_x86-64
    published: 2019-03-07
    reporter: Exploit-DB
    source: https://www.exploit-db.com/download/46508
    title: FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)
    type: local
  • description: FreeBSD 9.0 - Intel SYSRET Kernel Privilege Escalation Exploit. CVE-2012-0217. Local exploit for freebsd platform
    file: exploits/freebsd/local/28718.c
    id: EDB-ID:28718
    last seen: 2016-02-03
    modified: 2013-10-04
    platform: freebsd
    published: 2013-10-04
    reporter: CurcolHekerLink
    source: https://www.exploit-db.com/download/28718/
    title: FreeBSD 9.0 - Intel SYSRET Kernel Privilege Escalation Exploit
    type: local

Metasploit

description: This module exploits a vulnerability in the FreeBSD kernel, when running on 64-bit Intel processors. By design, 64-bit processors following the X86-64 specification will trigger a general protection fault (GPF) when executing a SYSRET instruction with a non-canonical address in the RCX register. However, Intel processors check for a non-canonical address prior to dropping privileges, causing a GPF in privileged mode. As a result, the current userland RSP stack pointer is restored and executed, resulting in privileged code execution. This module has been tested successfully on: FreeBSD 8.3-RELEASE (amd64); and FreeBSD 9.0-RELEASE (amd64).
id: MSF:EXPLOIT/FREEBSD/LOCAL/INTEL_SYSRET_PRIV_ESC
last seen: 2020-06-13
modified: 2018-12-21
published: 2018-12-09
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/freebsd/local/intel_sysret_priv_esc.rb
title: FreeBSD Intel SYSRET Privilege Escalation

Msbulletin

bulletin_id: MS12-042
date: 2012-06-12T00:00:00
impact: Elevation of Privilege
knowledgebase_id: 2711167
severity: Important
title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2501.NASL
    description: Several vulnerabilities were discovered in Xen, a hypervisor. - CVE-2012-0217 Xen does not properly handle uncanonical return addresses on Intel amd64 CPUs, allowing amd64 PV guests to elevate to hypervisor privileges. AMD processors, HVM and i386 guests are not affected. - CVE-2012-0218 Xen does not properly handle SYSCALL and SYSENTER instructions in PV guests, allowing unprivileged users inside a guest system to crash the guest system. - CVE-2012-2934 Xen does not detect old AMD CPUs affected by AMD Erratum #121. For CVE-2012-2934, Xen refuses to start domUs on affected systems unless the
    last seen: 2020-03-17
    modified: 2012-06-29
    plugin id: 59779
    published: 2012-06-29
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59779
    title: Debian DSA-2501-1 : xen - several vulnerabilities
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2501. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59779);
      script_version("1.15");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934");
      script_bugtraq_id(53856, 53955, 53961);
      script_xref(name:"DSA", value:"2501");
    
      script_name(english:"Debian DSA-2501-1 : xen - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities were discovered in Xen, a hypervisor.
    
      - CVE-2012-0217
        Xen does not properly handle uncanonical return
        addresses on Intel amd64 CPUs, allowing amd64 PV guests
        to elevate to hypervisor privileges. AMD processors, HVM
        and i386 guests are not affected.
    
      - CVE-2012-0218
        Xen does not properly handle SYSCALL and SYSENTER
        instructions in PV guests, allowing unprivileged users
        inside a guest system to crash the guest system.
    
      - CVE-2012-2934
        Xen does not detect old AMD CPUs affected by AMD Erratum
        #121.
    
    For CVE-2012-2934, Xen refuses to start domUs on affected systems
    unless the 'allow_unsafe' option is passed."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-0217"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-0218"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-2934"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-2934"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze/xen"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2012/dsa-2501"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the xen packages.
    
    For the stable distribution (squeeze), these problems have been fixed
    in version 4.0.1-5.2."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'FreeBSD Intel SYSRET Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/06/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"libxen-dev", reference:"4.0.1-5.2")) flag++;
    if (deb_check(release:"6.0", prefix:"libxenstore3.0", reference:"4.0.1-5.2")) flag++;
    if (deb_check(release:"6.0", prefix:"xen-docs-4.0", reference:"4.0.1-5.2")) flag++;
    if (deb_check(release:"6.0", prefix:"xen-hypervisor-4.0-amd64", reference:"4.0.1-5.2")) flag++;
    if (deb_check(release:"6.0", prefix:"xen-hypervisor-4.0-i386", reference:"4.0.1-5.2")) flag++;
    if (deb_check(release:"6.0", prefix:"xen-utils-4.0", reference:"4.0.1-5.2")) flag++;
    if (deb_check(release:"6.0", prefix:"xenstore-utils", reference:"4.0.1-5.2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201309-24.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201309-24 (Xen: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : Guest domains could possibly gain privileges, execute arbitrary code, or cause a Denial of Service on the host domain (Dom0). Additionally, guest domains could gain information about other virtual machines running on the same host or read arbitrary files on the host. Workaround : The CVEs listed below do not currently have fixes, but only apply to Xen setups which have “tmem” specified on the hypervisor command line. TMEM is not currently supported for use in production systems, and administrators using tmem should disable it. Relevant CVEs: * CVE-2012-2497 * CVE-2012-6030 * CVE-2012-6031 * CVE-2012-6032 * CVE-2012-6033 * CVE-2012-6034 * CVE-2012-6035 * CVE-2012-6036
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 70184
    published: 2013-09-28
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/70184
    title: GLSA-201309-24 : Xen: Multiple vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201309-24.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70184);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/12 17:35:38");
    
      script_cve_id("CVE-2011-2901", "CVE-2011-3262", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-3432", "CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3497", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4411", "CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5512", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5525", "CVE-2012-5634", "CVE-2012-6030", "CVE-2012-6031", "CVE-2012-6032", "CVE-2012-6033", "CVE-2012-6034", "CVE-2012-6035", "CVE-2012-6036", "CVE-2012-6075", "CVE-2012-6333", "CVE-2013-0151", "CVE-2013-0152", "CVE-2013-0153", "CVE-2013-0154", "CVE-2013-0215", "CVE-2013-1432", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1922", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211");
      script_bugtraq_id(49370, 53856, 53955, 53961, 54691, 54942, 55400, 55406, 55410, 55412, 55413, 55414, 55442, 56498, 56794, 56796, 56797, 56798, 56799, 56803, 56805, 57159, 57223, 57420, 57494, 57495, 57742, 57745, 58880, 59070, 59291, 59292, 59293, 59615, 59617, 60277, 60278, 60282, 60701, 60702, 60703, 60721, 60799);
      script_xref(name:"GLSA", value:"201309-24");
    
      script_name(english:"GLSA-201309-24 : Xen: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201309-24
    (Xen: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Xen. Please review the
          CVE identifiers referenced below for details.
      
    Impact :
    
        Guest domains could possibly gain privileges, execute arbitrary code, or
          cause a Denial of Service on the host domain (Dom0). Additionally, guest
          domains could gain information about other virtual machines running on
          the same host or read arbitrary files on the host.
      
    Workaround :
    
        The CVEs listed below do not currently have fixes, but only apply to Xen
          setups which have “tmem” specified on the hypervisor command line.
          TMEM is not currently supported for use in production systems, and
          administrators using tmem should disable it.
          Relevant CVEs:
          * CVE-2012-2497
          * CVE-2012-6030
          * CVE-2012-6031
          * CVE-2012-6032
          * CVE-2012-6033
          * CVE-2012-6034
          * CVE-2012-6035
          * CVE-2012-6036"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201309-24"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Xen users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=app-emulation/xen-4.2.2-r1'
        All Xen-tools users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=app-emulation/xen-tools-4.2.2-r3'
        All Xen-pvgrub users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=app-emulation/xen-pvgrub-4.2.2-r1'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'FreeBSD Intel SYSRET Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen-pvgrub");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/09/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-emulation/xen-pvgrub", unaffected:make_list("ge 4.2.2-r1"), vulnerable:make_list("lt 4.2.2-r1"))) flag++;
    if (qpkg_check(package:"app-emulation/xen", unaffected:make_list("ge 4.2.2-r1"), vulnerable:make_list("lt 4.2.2-r1"))) flag++;
    if (qpkg_check(package:"app-emulation/xen-tools", unaffected:make_list("ge 4.2.2-r3"), vulnerable:make_list("lt 4.2.2-r3"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xen");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-9430.NASL
    description: make pygrub cope better with big files from guest (#818412 CVE-2012-2625), 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217], guest denial of service on syscall/sysenter exception generation [CVE-2012-0218], PV guest host Denial of Service [CVE-2012-2934] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-06-26
    plugin id: 59696
    published: 2012-06-26
    reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/59696
    title: Fedora 15 : xen-4.1.2-8.fc15 (2012-9430)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2012-9430.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59696);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_xref(name:"FEDORA", value:"2012-9430");
    
      script_name(english:"Fedora 15 : xen-4.1.2-8.fc15 (2012-9430)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "make pygrub cope better with big files from guest (#818412
    CVE-2012-2625), 64-bit PV guest privilege escalation vulnerability
    [CVE-2012-0217], guest denial of service on syscall/sysenter exception
    generation [CVE-2012-0218], PV guest host Denial of Service
    [CVE-2012-2934]
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082752.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ebc2ae1d"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected xen package.");
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/06/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC15", reference:"xen-4.1.2-8.fc15")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2012-0022.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2012-0217 CVE-2012-0218: guest DoS on syscall/sysenter exception generation [orabug 13993157]
    last seen2020-06-01
    modified2020-06-02
    plugin id79478
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79478
    titleOracleVM 2.2 : xen (OVMSA-2012-0022)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0721.NASL
    descriptionUpdated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. (CVE-2012-0217, Important) * It was found that guests could trigger a bug in earlier AMD CPUs, leading to a CPU hard lockup, when running on the Xen hypervisor implementation. An unprivileged user in a 64-bit para-virtualized guest could use this flaw to crash the host. Warning: After installing this update, hosts that are using an affected AMD CPU (refer to Red Hat Bugzilla bug #824966 for a list) will fail to boot. In order to boot such hosts, the new kernel parameter, allow_unsafe, can be used (
    last seen2020-06-01
    modified2020-06-02
    plugin id59467
    published2012-06-13
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59467
    titleRHEL 5 : kernel (RHSA-2012:0721)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS12-042.NASL
    descriptionThe remote host is running a Windows kernel version that is affected by multiple elevation of privilege vulnerabilities : - A vulnerability exists in the way that the Windows User Mode Scheduler handles system requests that can be exploited to execute arbitrary code in kernel mode. (CVE-2012-0217) - A vulnerability exists in the way that Windows handles BIOS memory that can be exploited to execute arbitrary code in kernel mode. (CVE-2012-1515)
    last seen2020-06-01
    modified2020-06-02
    plugin id59460
    published2012-06-13
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59460
    titleMS12-042: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2012-0021.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - x86-64: detect processors subject to AMD erratum #121 and refuse to boot(CVE-2006-0744) - guest denial of service on syscall/sysenter exception generation (CVE-2012-0217),(CVE-2012-0218) - Remove unnecessary balloon retries on vm create. This is a backport from fix for bug 14143327.
    last seen2020-06-01
    modified2020-06-02
    plugin id79477
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79477
    titleOracleVM 3.1 : xen (OVMSA-2012-0021)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2012-0721-1.NASL
    description: From Red Hat Security Advisory 2012:0721 : Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. (CVE-2012-0217, Important) * It was found that guests could trigger a bug in earlier AMD CPUs, leading to a CPU hard lockup, when running on the Xen hypervisor implementation. An unprivileged user in a 64-bit para-virtualized guest could use this flaw to crash the host. Warning: After installing this update, hosts that are using an affected AMD CPU (refer to Red Hat Bugzilla bug #824966 for a list) will fail to boot. In order to boot such hosts, the new kernel parameter, allow_unsafe, can be used (
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68539
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/68539
    title: Oracle Linux 5 : kernel (ELSA-2012-0721-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2012-404.NASL
    description: This update of XEN fixed multiple security flaws that could be exploited by local attackers to cause a Denial of Service or potentially escalate privileges. Additionally, several other upstream changes were backported.
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 74683
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74683
    title: openSUSE Security Update : xen (openSUSE-2012-404)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-9399.NASL
    description: make pygrub cope better with big files from guest (#818412 CVE-2012-2625), 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217], guest denial of service on syscall/sysenter exception generation [CVE-2012-0218], PV guest host Denial of Service [CVE-2012-2934] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-06-26
    plugin id: 59693
    published: 2012-06-26
    reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/59693
    title: Fedora 16 : xen-4.1.2-8.fc16 (2012-9399)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_XEN-201206-120606.NASL
    description: Three security issues were found in XEN. Two security issues are fixed by this update : - Due to incorrect fault handling in the XEN hypervisor it was possible for a XEN guest domain administrator to execute code in the XEN host environment. (CVE-2012-0217) - Also a guest user could crash the guest XEN kernel due to a protection fault bounce. (CVE-2012-0218) The third fix is changing the Xen behaviour on certain hardware : - The issue is a denial of service issue on older pre-SVM AMD CPUs (AMD Erratum 121). AMD Erratum #121 is described in
    last seen: 2020-06-05
    modified: 2013-01-25
    plugin id: 64233
    published: 2013-01-25
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/64233
    title: SuSE 11.1 Security Update : Xen (SAT Patch Number 6399)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20120612_KERNEL_ON_SL5_X.NASL
    description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - It was found that the Xen hypervisor implementation as shipped with Scientific Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. (CVE-2012-0217, Important) - It was found that guests could trigger a bug in earlier AMD CPUs, leading to a CPU hard lockup, when running on the Xen hypervisor implementation. An unprivileged user in a 64-bit para-virtualized guest could use this flaw to crash the host. Warning: After installing this update, hosts that are using an affected AMD CPU (refer to upstream bug #824966 for a list) will fail to boot. In order to boot such hosts, the new kernel parameter, allow_unsafe, can be used (
    last seen: 2020-03-18
    modified: 2012-08-01
    plugin id: 61326
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/61326
    title: Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20120612)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-9386.NASL
    description: 64-bit PV guest privilege escalation vulnerability [CVE-2012-0217], guest denial of service on syscall/sysenter exception generation [CVE-2012-0218], PV guest host Denial of Service [CVE-2012-2934] Enable xenconsoled by default under systemd, adjust xend.service systemd file to avoid selinux problems Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-06-26
    plugin id: 59692
    published: 2012-06-26
    reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/59692
    title: Fedora 17 : xen-4.1.2-20.fc17 (2012-9386)
  • NASL family: OracleVM Local Security Checks
    NASL id: ORACLEVM_OVMSA-2012-0020.NASL
    description: The remote OracleVM system is missing necessary patches to address critical security updates : - x86-64: detect processors subject to AMD erratum #121 and refuse to boot (CVE-2006-0744) - guest denial of service on syscall/sysenter exception generation (CVE-2012-0217) - Remove unnecessary balloon retries on vm create. This is a backport from fix for bug 14143327. - This backport from 3.1.1: Author: amisherf Put back the patch that prevents older guests that use kudzu from hanging on a reboot. Fixed the patch to prevent excessive watcher writes which cause xend, xenstored to run at 100% cpu usage. Now the watch is written only if console is in Initialising, InitWait, Initialised states, which happens once at boot time. [bug 13523487] - Backport from upstream changeset 20968 xend: notify xenpv device model that console info is ready Sometimes PV domain with vfb doesn
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79476
    published: 2014-11-26
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79476
    title: OracleVM 3.0 : xen (OVMSA-2012-0020)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2012-0720.NASL
    description: Updated kernel packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 19th June 2012] The original erratum text provided an incorrect description for BZ#807929. The text has been updated to provide the correct description. No changes have been made to the packages. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. (CVE-2012-0217, Important) Note: For Red Hat Enterprise Linux guests, only privileged guest users can exploit CVE-2012-0217. * A flaw in the xfrm6_tunnel_rcv() function in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 64039
    published: 2013-01-24
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/64039
    title: RHEL 5 : kernel (RHSA-2012:0720)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2012-0721.NASL
    description: Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. (CVE-2012-0217, Important) * It was found that guests could trigger a bug in earlier AMD CPUs, leading to a CPU hard lockup, when running on the Xen hypervisor implementation. An unprivileged user in a 64-bit para-virtualized guest could use this flaw to crash the host. Warning: After installing this update, hosts that are using an affected AMD CPU (refer to Red Hat Bugzilla bug #824966 for a list) will fail to boot. In order to boot such hosts, the new kernel parameter, allow_unsafe, can be used (
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59479
    published: 2012-06-14
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59479
    title: CentOS 5 : kernel (CESA-2012:0721)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2508.NASL
    description: Rafal Wojtczuk from Bromium discovered that FreeBSD wasn
    last seen: 2020-03-17
    modified: 2012-07-23
    plugin id: 60088
    published: 2012-07-23
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60088
    title: Debian DSA-2508-1 : kfreebsd-8 - privilege escalation
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_AED44C4EC06711E1B5E0000C299B62E1.NASL
    description: Problem description : FreeBSD/amd64 runs on CPUs from different vendors. Due to varying behaviour of CPUs in 64 bit mode a sanity check of the kernel may be insufficient when returning from a system call. Successful exploitation of the problem can lead to local kernel privilege escalation, kernel data corruption and/or crash. To exploit this vulnerability, an attacker must be able to run code with user privileges on the target system.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59748
    published: 2012-06-28
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59748
    title: FreeBSD : FreeBSD -- Privilege escalation when returning from kernel (aed44c4e-c067-11e1-b5e0-000c299b62e1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_XEN-201206-8180.NASL
    description: Three security issues were found in XEN. Two security issues are fixed by this update : - Due to incorrect fault handling in the XEN hypervisor it was possible for a XEN guest domain administrator to execute code in the XEN host environment. (CVE-2012-0217) - Also a guest user could crash the guest XEN kernel due to a protection fault bounce. (CVE-2012-0218) The third fix is changing the Xen behaviour on certain hardware : - The issue is a denial of service issue on older pre-SVM AMD CPUs (AMD Erratum 121). (CVE-2012-2934) AMD Erratum #121 is described in
    last seen: 2020-06-05
    modified: 2012-06-13
    plugin id: 59469
    published: 2012-06-13
    reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/59469
    title: SuSE 10 Security Update : Xen (ZYPP Patch Number 8180)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2012-403.NASL
    description: This update of XEN fixed multiple security flaws that could be exploited by local attackers to cause a Denial of Service or potentially escalate privileges. Additionally, several other upstream changes were backported.
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 74682
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74682
    title: openSUSE Security Update : xen (openSUSE-SU-2012:0886-1)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS_OCT2012_SRU10_5.NASL
    description: This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: CVE-2012-0217 only affects Solaris instances running on platforms other than SPARC. (CVE-2012-0217) - Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Power Management). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. (CVE-2012-3204) - Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Logical Domain (LDOM)). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS) as well as update, insert or delete access to some Solaris accessible data. Note: CVE-2012-3209 and CVE-2012-3215 only affect Solaris on the SPARC platform. (CVE-2012-3209) - Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Vino server). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data. (CVE-2012-3205)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 76829
    published: 2014-07-26
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/76829
    title: Oracle Solaris Critical Patch Update : oct2012_SRU10_5
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2012-0721.NASL
    description: From Red Hat Security Advisory 2012:0721 : Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. (CVE-2012-0217, Important) * It was found that guests could trigger a bug in earlier AMD CPUs, leading to a CPU hard lockup, when running on the Xen hypervisor implementation. An unprivileged user in a 64-bit para-virtualized guest could use this flaw to crash the host. Warning: After installing this update, hosts that are using an affected AMD CPU (refer to Red Hat Bugzilla bug #824966 for a list) will fail to boot. In order to boot such hosts, the new kernel parameter, allow_unsafe, can be used (
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68540
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68540
    title: Oracle Linux 5 : kernel (ELSA-2012-0721)

Oval

accepted: 2012-07-30T04:00:28.580-04:00
class: vulnerability
contributors
  • name: SecPod Team
    organization: SecPod Technologies
  • name: Chandan S
    organization: SecPod Technologies
definition_extensions
  • comment: Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval: oval:org.mitre.oval:def:6438
  • comment: Microsoft Windows 7 x64 Edition is installed
    oval: oval:org.mitre.oval:def:5950
  • comment: Microsoft Windows 7 x64 Service Pack 1 is installed
    oval: oval:org.mitre.oval:def:12627
  • comment: Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
    oval: oval:org.mitre.oval:def:12567
description: The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
family: windows
id: oval:org.mitre.oval:def:15596
status: accepted
submitted: 2012-06-18T12:53:22
title: User Mode Scheduler Memory Corruption Vulnerability (CVE-2012-0217)
version: 77

Packetstorm

data source: https://packetstormsecurity.com/files/download/152001/intel_sysret_priv_esc.rb.txt
id: PACKETSTORM:152001
last seen: 2019-03-07
published: 2019-03-07
reporter: Rafal Wojtczuk
source: https://packetstormsecurity.com/files/152001/FreeBSD-Intel-SYSRET-Privilege-Escalation.html
title: FreeBSD Intel SYSRET Privilege Escalation

Redhat

rpms
  • kernel-0:2.6.18-238.39.1.el5
  • kernel-PAE-0:2.6.18-238.39.1.el5
  • kernel-PAE-debuginfo-0:2.6.18-238.39.1.el5
  • kernel-PAE-devel-0:2.6.18-238.39.1.el5
  • kernel-debug-0:2.6.18-238.39.1.el5
  • kernel-debug-debuginfo-0:2.6.18-238.39.1.el5
  • kernel-debug-devel-0:2.6.18-238.39.1.el5
  • kernel-debuginfo-0:2.6.18-238.39.1.el5
  • kernel-debuginfo-common-0:2.6.18-238.39.1.el5
  • kernel-devel-0:2.6.18-238.39.1.el5
  • kernel-doc-0:2.6.18-238.39.1.el5
  • kernel-headers-0:2.6.18-238.39.1.el5
  • kernel-kdump-0:2.6.18-238.39.1.el5
  • kernel-kdump-debuginfo-0:2.6.18-238.39.1.el5
  • kernel-kdump-devel-0:2.6.18-238.39.1.el5
  • kernel-xen-0:2.6.18-238.39.1.el5
  • kernel-xen-debuginfo-0:2.6.18-238.39.1.el5
  • kernel-xen-devel-0:2.6.18-238.39.1.el5
  • kernel-0:2.6.18-308.8.2.el5
  • kernel-PAE-0:2.6.18-308.8.2.el5
  • kernel-PAE-debuginfo-0:2.6.18-308.8.2.el5
  • kernel-PAE-devel-0:2.6.18-308.8.2.el5
  • kernel-debug-0:2.6.18-308.8.2.el5
  • kernel-debug-debuginfo-0:2.6.18-308.8.2.el5
  • kernel-debug-devel-0:2.6.18-308.8.2.el5
  • kernel-debuginfo-0:2.6.18-308.8.2.el5
  • kernel-debuginfo-common-0:2.6.18-308.8.2.el5
  • kernel-devel-0:2.6.18-308.8.2.el5
  • kernel-doc-0:2.6.18-308.8.2.el5
  • kernel-headers-0:2.6.18-308.8.2.el5
  • kernel-kdump-0:2.6.18-308.8.2.el5
  • kernel-kdump-debuginfo-0:2.6.18-308.8.2.el5
  • kernel-kdump-devel-0:2.6.18-308.8.2.el5
  • kernel-xen-0:2.6.18-308.8.2.el5
  • kernel-xen-debuginfo-0:2.6.18-308.8.2.el5
  • kernel-xen-devel-0:2.6.18-308.8.2.el5