Executive Summary

Information
Name: CVE-2012-0217
First vendor Publication: 2012-06-12
Vendor: Cve
Last vendor Modification: 2020-09-28

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 7.2
Cvss Impact Score: 10
Cvss Exploit Score: 3.9
Attack Range: Local
Attack Complexity: Low
Authentication: None Required

Detail

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0217

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15596
 
Oval ID: oval:org.mitre.oval:def:15596
Title: User Mode Scheduler Memory Corruption Vulnerability (CVE-2012-0217)
Description: The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0217
Version: 8
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Product(s):
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:19281
 
Oval ID: oval:org.mitre.oval:def:19281
Title: CRITICAL PATCH UPDATE OCTOBER 2012
Description: The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
Family: unix Class: vulnerability
Reference(s): CVE-2012-0217
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:19861
 
Oval ID: oval:org.mitre.oval:def:19861
Title: DSA-2508-1 kfreebsd-8 - privilege escalation
Description: Rafal Wojtczuk from Bromium discovered that FreeBSD wasn't handling correctly uncanonical return addresses on Intel amd64 CPUs, allowing privilege escalation to kernel for local users.
Family: unix Class: patch
Reference(s): DSA-2508-1
CVE-2012-0217
Version: 5
Platform(s): Debian GNU/kFreeBSD 6.0
Product(s): kfreebsd-8
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 18
Application 2
Application 16
Os 289
Os 1
Os 1
Os 2
Os 1
Os 1
Os 1
Os 74
Os 42
Os 44

ExploitDB Exploits

id Description
2012-08-27 Microsoft Windows Kernel Intel x64 SYSRET PoC

OpenVAS Exploits

Date Description
2012-12-18 Name : Fedora Update for xen FEDORA-2012-19828
File : nvt/gb_fedora_2012_19828_xen_fc16.nasl
2012-12-14 Name : Fedora Update for xen FEDORA-2012-19717
File : nvt/gb_fedora_2012_19717_xen_fc17.nasl
2012-12-13 Name : SuSE Update for xen openSUSE-SU-2012:0886-1 (xen)
File : nvt/gb_suse_2012_0886_1.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18249
File : nvt/gb_fedora_2012_18249_xen_fc16.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18242
File : nvt/gb_fedora_2012_18242_xen_fc17.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17204
File : nvt/gb_fedora_2012_17204_xen_fc17.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17408
File : nvt/gb_fedora_2012_17408_xen_fc16.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13434
File : nvt/gb_fedora_2012_13434_xen_fc17.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13443
File : nvt/gb_fedora_2012_13443_xen_fc16.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-9386
File : nvt/gb_fedora_2012_9386_xen_fc17.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-11182
File : nvt/gb_fedora_2012_11182_xen_fc17.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-11755
File : nvt/gb_fedora_2012_11755_xen_fc17.nasl
2012-08-24 Name : Fedora Update for xen FEDORA-2012-11785
File : nvt/gb_fedora_2012_11785_xen_fc16.nasl
2012-08-10 Name : Debian Security Advisory DSA 2508-1 (kfreebsd-8)
File : nvt/deb_2508_1.nasl
2012-08-10 Name : FreeBSD Ports: FreeBSD
File : nvt/freebsd_FreeBSD16.nasl
2012-08-10 Name : Debian Security Advisory DSA 2501-1 (xen)
File : nvt/deb_2501_1.nasl
2012-08-06 Name : Fedora Update for xen FEDORA-2012-11190
File : nvt/gb_fedora_2012_11190_xen_fc16.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2012:0721 centos5
File : nvt/gb_CESA-2012_0721_kernel_centos5.nasl
2012-06-28 Name : Fedora Update for xen FEDORA-2012-9399
File : nvt/gb_fedora_2012_9399_xen_fc16.nasl
2012-06-28 Name : Fedora Update for xen FEDORA-2012-9430
File : nvt/gb_fedora_2012_9430_xen_fc15.nasl
2012-06-15 Name : RedHat Update for kernel RHSA-2012:0721-01
File : nvt/gb_RHSA-2012_0721-01_kernel.nasl
2012-06-13 Name : Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2711167)
File : nvt/secpod_ms12-042.nasl

Metasploit Database

id Description
2012-06-12 FreeBSD Intel SYSRET Privilege Escalation

Nessus® Vulnerability Scanner

Date Description
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2012-0022.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2012-0021.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2012-0020.nasl - Type : ACT_GATHER_INFO
2014-07-26 Name : The remote Solaris system is missing a security patch from CPU oct2012.
File : solaris_oct2012_SRU10_5.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-404.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-403.nasl - Type : ACT_GATHER_INFO
2013-09-28 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201309-24.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0721-1.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0721.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xen-201206-120606.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0720.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120612_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-07-23 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2508.nasl - Type : ACT_GATHER_INFO
2012-06-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2501.nasl - Type : ACT_GATHER_INFO
2012-06-28 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_aed44c4ec06711e1b5e0000c299b62e1.nasl - Type : ACT_GATHER_INFO
2012-06-26 Name : The remote Fedora host is missing a security update.
File : fedora_2012-9430.nasl - Type : ACT_GATHER_INFO
2012-06-26 Name : The remote Fedora host is missing a security update.
File : fedora_2012-9399.nasl - Type : ACT_GATHER_INFO
2012-06-26 Name : The remote Fedora host is missing a security update.
File : fedora_2012-9386.nasl - Type : ACT_GATHER_INFO
2012-06-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0721.nasl - Type : ACT_GATHER_INFO
2012-06-13 Name : The Windows kernel is affected by multiple elevation of privilege vulnerabili...
File : smb_nt_ms12-042.nasl - Type : ACT_GATHER_INFO
2012-06-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_xen-201206-8180.nasl - Type : ACT_GATHER_INFO
2012-06-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0721.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CERT http://www.us-cert.gov/cas/techalerts/TA12-164A.html
CERT-VN http://www.kb.cert.org/vuls/id/649219
CONFIRM http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched/
http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/
http://smartos.org/2012/06/15/smartos-news-3/
http://support.citrix.com/article/CTX133161
http://wiki.smartos.org/display/DOC/SmartOS+Change+Log#SmartOSChangeLog-June1...
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
https://bugzilla.redhat.com/show_bug.cgi?id=813428
https://www.illumos.org/issues/2873
DEBIAN http://www.debian.org/security/2012/dsa-2501
http://www.debian.org/security/2012/dsa-2508
EXPLOIT-DB https://www.exploit-db.com/exploits/28718/
https://www.exploit-db.com/exploits/46508/
FREEBSD http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc
GENTOO http://security.gentoo.org/glsa/glsa-201309-24.xml
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
MLIST http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html
http://lists.xen.org/archives/html/xen-devel/2012-06/msg01072.html
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12...
NETBSD http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECUNIA http://secunia.com/advisories/55082

Alert History

Date Information
2024-02-16 12:16:34
  • Multiple Updates
2024-02-15 01:17:07
  • Multiple Updates
2024-02-02 01:18:09
  • Multiple Updates
2024-02-01 12:05:23
  • Multiple Updates
2024-01-13 01:16:21
  • Multiple Updates
2023-09-05 12:17:04
  • Multiple Updates
2023-09-05 01:05:16
  • Multiple Updates
2023-09-02 12:17:08
  • Multiple Updates
2023-09-02 01:05:21
  • Multiple Updates
2023-08-12 12:20:50
  • Multiple Updates
2023-08-12 01:05:22
  • Multiple Updates
2023-08-11 12:17:14
  • Multiple Updates
2023-08-11 01:05:32
  • Multiple Updates
2023-08-06 12:16:34
  • Multiple Updates
2023-08-06 01:05:22
  • Multiple Updates
2023-08-04 12:16:37
  • Multiple Updates
2023-08-04 01:05:23
  • Multiple Updates
2023-07-14 12:16:36
  • Multiple Updates
2023-07-14 01:05:20
  • Multiple Updates
2023-03-29 01:18:34
  • Multiple Updates
2023-03-28 12:05:28
  • Multiple Updates
2022-12-15 01:14:19
  • Multiple Updates
2022-10-11 12:14:50
  • Multiple Updates
2022-10-11 01:05:04
  • Multiple Updates
2021-09-02 01:10:01
  • Multiple Updates
2021-05-05 01:09:53
  • Multiple Updates
2021-05-04 12:18:59
  • Multiple Updates
2021-04-22 01:22:42
  • Multiple Updates
2021-03-27 01:08:29
  • Multiple Updates
2020-10-28 01:07:27
  • Multiple Updates
2020-09-28 17:22:44
  • Multiple Updates
2020-05-23 13:16:59
  • Multiple Updates
2020-05-23 01:47:53
  • Multiple Updates
2020-05-23 00:32:37
  • Multiple Updates
2019-03-22 12:04:09
  • Multiple Updates
2019-03-20 12:04:25
  • Multiple Updates
2019-03-19 12:04:49
  • Multiple Updates
2019-03-08 17:18:31
  • Multiple Updates
2018-10-13 05:18:35
  • Multiple Updates
2018-09-20 12:09:30
  • Multiple Updates
2018-06-22 12:03:49
  • Multiple Updates
2017-10-05 09:23:10
  • Multiple Updates
2017-09-19 09:25:08
  • Multiple Updates
2017-08-03 12:00:41
  • Multiple Updates
2017-04-06 12:03:32
  • Multiple Updates
2017-02-24 12:00:46
  • Multiple Updates
2016-09-30 01:03:31
  • Multiple Updates
2016-06-28 18:58:41
  • Multiple Updates
2016-04-26 21:24:36
  • Multiple Updates
2014-11-27 13:28:01
  • Multiple Updates
2014-07-26 13:27:38
  • Multiple Updates
2014-06-14 13:32:10
  • Multiple Updates
2014-02-17 11:07:14
  • Multiple Updates
2013-10-11 13:23:19
  • Multiple Updates
2013-10-03 21:20:28
  • Multiple Updates
2013-05-10 22:31:59
  • Multiple Updates
2013-03-07 13:19:43
  • Multiple Updates
2013-02-22 13:22:13
  • Multiple Updates
2012-12-05 13:18:54
  • Multiple Updates