Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2012-1097 | First vendor Publication | 2012-05-17 |
| Vendor | Cve | Last vendor Modification | 2023-02-13 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 7.8 | ||
| Base Score | 7.8 | Environmental Score | 7.8 |
| impact SubScore | 5.9 | Temporal Score | 7.8 |
| Exploitabality Sub Score | 1.8 | ||
| Attack Vector | Local | Attack Complexity | Low |
| Privileges Required | Low | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1097 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-476 | NULL Pointer Dereference |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:15254 | |||
| Oval ID: | oval:org.mitre.oval:def:15254 | ||
| Title: | DSA-2443-1 linux-2.6 -- privilege escalation/denial of service | ||
| Description: | Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4307 Nageswara R Sastry reported an issue in the ext4 filesystem. Local users with the privileges to mount a filesystem can cause a denial of service by providing a s_log_groups_per_flex value greater than 31. CVE-2011-1833 Vasiliy Kulikov of Openwall and Dan Rosenberg discovered an information leak in the eCryptfs filesystem. Local users were able to mount arbitrary directories. CVE-2011-4347 Sasha Levin reported an issue in the device assignment functionality in KVM. Local users with permission to access /dev/kvm could assign unused pci devices to a guest and cause a denial of service. CVE-2012-0045 Stephan Barwolf reported an issue in KVM. Local users in a 32-bit guest running on a 64-bit system can crash the guest with a syscall instruction. CVE-2012-1090 CAI Qian reported an issue in the CIFS filesystem. A reference count leak can occur during the lookup of special files, resulting in a denial of service on umount. CVE-2012-1097 H. Peter Anvin reported an issue in the regset infrastructure. Local users can cause a denial of service by triggering the write methods of readonly regsets. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2443-1 CVE-2009-4307 CVE-2011-1833 CVE-2011-4347 CVE-2012-0045 CVE-2012-1090 CVE-2012-1097 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | linux-2.6 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26931 | |||
| Oval ID: | oval:org.mitre.oval:def:26931 | ||
| Title: | DEPRECATED: ELSA-2012-0481 -- kernel security, bug fix, and enhancement update (moderate) | ||
| Description: | [2.6.32-220.13.1.el6] - Revert: [fs] NFSv4: include bitmap in nfsv4 get acl data (Sachin Prabhu) [753231 753232] {CVE-2011-4131} [2.6.32-220.12.1.el6] - [net] net_sched: qdisc_alloc_handle() can be too slow (Jiri Pirko) [805458 785891] - [fs] procfs: add hidepid= and gid= mount options (Jerome Marchand) [770651 770652] - [fs] procfs: parse mount options (Jerome Marchand) [770651 770652] - [fs] fuse: add O_DIRECT support (Josef Bacik) [800552 753798] - [kernel] sysctl: restrict write access to dmesg_restrict (Phillip Lougher) [749248 749251] - [block] dm io: fix discard support (Mike Snitzer) [799943 758404] - [net] netlink: wrong size was calculated for vfinfo list blob (Andy Gospodarek) [790338 772136] - [netdrv] mlx4_en: fix endianness with blue frame support (Steve Best) [789911 750166] - [usb] Fix deadlock in hid_reset when Dell iDRAC is reset (Shyam Iyer) [797205 782374] - [virt] vmxnet3: Cap the length of the pskb_may_pull on transmit (bz 790673) (Neil Horman) [801723 790673] - [scsi] megaraid_sas: Fix instance access in megasas_reset_timer (Tomas Henzl) [790341 759318] - [netdrv] macvtap: Fix the minor device number allocation (Steve Best) [796828 786518] - [net] tcp: bind() fix autoselection to share ports (Flavio Leitner) [787764 784671] - [fs] cifs: change oplock break slow work to very slow work (Jeff Layton) [789373 772874] - [net] sunrpc: remove xpt_pool (J. Bruce Fields) [795338 753301] - [net] Potential null skb->dev dereference (Flavio Leitner) [795335 769590] - [net] pkt_sched: Fix sch_sfq vs tcf_bind_filter oops (Jiri Pirko) [786873 667925] - [net] mac80211: cancel auth retries when deauthenticating (John Linville) [797241 754356] | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0481 CVE-2012-0879 CVE-2012-1090 CVE-2012-1097 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | kernel |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2013-09-18 | Name : Debian Security Advisory DSA 2443-1 (linux-2.6 - privilege escalation/denial ... File : nvt/deb_2443_1.nasl |
| 2012-12-18 | Name : Fedora Update for kernel FEDORA-2012-20240 File : nvt/gb_fedora_2012_20240_kernel_fc16.nasl |
| 2012-11-29 | Name : Fedora Update for kernel FEDORA-2012-18691 File : nvt/gb_fedora_2012_18691_kernel_fc16.nasl |
| 2012-11-06 | Name : Fedora Update for kernel FEDORA-2012-17479 File : nvt/gb_fedora_2012_17479_kernel_fc16.nasl |
| 2012-09-04 | Name : Fedora Update for kernel FEDORA-2012-12684 File : nvt/gb_fedora_2012_12684_kernel_fc16.nasl |
| 2012-08-06 | Name : Fedora Update for kernel FEDORA-2012-11348 File : nvt/gb_fedora_2012_11348_kernel_fc16.nasl |
| 2012-07-30 | Name : CentOS Update for kernel CESA-2012:0481 centos6 File : nvt/gb_CESA-2012_0481_kernel_centos6.nasl |
| 2012-07-09 | Name : RedHat Update for kernel RHSA-2012:0481-01 File : nvt/gb_RHSA-2012_0481-01_kernel.nasl |
| 2012-06-25 | Name : Fedora Update for kernel FEDORA-2012-8931 File : nvt/gb_fedora_2012_8931_kernel_fc15.nasl |
| 2012-06-15 | Name : Fedora Update for kernel FEDORA-2012-8890 File : nvt/gb_fedora_2012_8890_kernel_fc16.nasl |
| 2012-06-01 | Name : Ubuntu Update for linux-ti-omap4 USN-1458-1 File : nvt/gb_ubuntu_USN_1458_1.nasl |
| 2012-05-17 | Name : Fedora Update for kernel FEDORA-2012-7594 File : nvt/gb_fedora_2012_7594_kernel_fc15.nasl |
| 2012-05-14 | Name : Fedora Update for kernel FEDORA-2012-7538 File : nvt/gb_fedora_2012_7538_kernel_fc16.nasl |
| 2012-05-11 | Name : Ubuntu Update for linux-lts-backport-natty USN-1440-1 File : nvt/gb_ubuntu_USN_1440_1.nasl |
| 2012-05-04 | Name : Ubuntu Update for linux-lts-backport-oneiric USN-1433-1 File : nvt/gb_ubuntu_USN_1433_1.nasl |
| 2012-05-04 | Name : Ubuntu Update for linux USN-1431-1 File : nvt/gb_ubuntu_USN_1431_1.nasl |
| 2012-04-26 | Name : Fedora Update for kernel FEDORA-2012-6406 File : nvt/gb_fedora_2012_6406_kernel_fc15.nasl |
| 2012-04-26 | Name : Ubuntu Update for linux-ec2 USN-1426-1 File : nvt/gb_ubuntu_USN_1426_1.nasl |
| 2012-04-26 | Name : Ubuntu Update for linux USN-1425-1 File : nvt/gb_ubuntu_USN_1425_1.nasl |
| 2012-04-13 | Name : Ubuntu Update for linux-lts-backport-maverick USN-1421-1 File : nvt/gb_ubuntu_USN_1421_1.nasl |
| 2012-04-13 | Name : Ubuntu Update for linux USN-1422-1 File : nvt/gb_ubuntu_USN_1422_1.nasl |
| 2012-04-02 | Name : Fedora Update for kernel FEDORA-2012-3712 File : nvt/gb_fedora_2012_3712_kernel_fc16.nasl |
| 2012-03-29 | Name : Ubuntu Update for linux USN-1406-1 File : nvt/gb_ubuntu_USN_1406_1.nasl |
| 2012-03-29 | Name : Ubuntu Update for linux USN-1407-1 File : nvt/gb_ubuntu_USN_1407_1.nasl |
| 2012-03-29 | Name : Ubuntu Update for linux USN-1405-1 File : nvt/gb_ubuntu_USN_1405_1.nasl |
| 2012-03-29 | Name : Fedora Update for kernel FEDORA-2012-3715 File : nvt/gb_fedora_2012_3715_kernel_fc15.nasl |
| 2012-03-22 | Name : Fedora Update for kernel FEDORA-2012-4410 File : nvt/gb_fedora_2012_4410_kernel_fc16.nasl |
| 2012-03-19 | Name : Fedora Update for kernel FEDORA-2012-3350 File : nvt/gb_fedora_2012_3350_kernel_fc16.nasl |
| 2012-03-16 | Name : Fedora Update for kernel FEDORA-2012-3356 File : nvt/gb_fedora_2012_3356_kernel_fc15.nasl |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2012-0042.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0531.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-342.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-235.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-756.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0481.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-2007.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-2008.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1042.nasl - Type : ACT_GATHER_INFO |
| 2012-06-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1458-1.nasl - Type : ACT_GATHER_INFO |
| 2012-05-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1440-1.nasl - Type : ACT_GATHER_INFO |
| 2012-05-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1431-1.nasl - Type : ACT_GATHER_INFO |
| 2012-05-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1433-1.nasl - Type : ACT_GATHER_INFO |
| 2012-04-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1425-1.nasl - Type : ACT_GATHER_INFO |
| 2012-04-25 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1426-1.nasl - Type : ACT_GATHER_INFO |
| 2012-04-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0481.nasl - Type : ACT_GATHER_INFO |
| 2012-04-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0481.nasl - Type : ACT_GATHER_INFO |
| 2012-04-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1421-1.nasl - Type : ACT_GATHER_INFO |
| 2012-04-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1422-1.nasl - Type : ACT_GATHER_INFO |
| 2012-03-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1407-1.nasl - Type : ACT_GATHER_INFO |
| 2012-03-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1406-1.nasl - Type : ACT_GATHER_INFO |
| 2012-03-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1405-1.nasl - Type : ACT_GATHER_INFO |
| 2012-03-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2443.nasl - Type : ACT_GATHER_INFO |
| 2012-03-15 | Name : The remote Fedora host is missing a security update. File : fedora_2012-3356.nasl - Type : ACT_GATHER_INFO |
| 2012-03-12 | Name : The remote Fedora host is missing a security update. File : fedora_2012-3350.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-02-02 01:18:38 |
|
| 2024-02-01 12:05:31 |
|
| 2023-09-05 12:17:35 |
|
| 2023-09-05 01:05:24 |
|
| 2023-09-02 12:17:36 |
|
| 2023-09-02 01:05:30 |
|
| 2023-08-12 12:21:21 |
|
| 2023-08-12 01:05:30 |
|
| 2023-08-11 12:17:42 |
|
| 2023-08-11 01:05:40 |
|
| 2023-08-06 12:17:01 |
|
| 2023-08-06 01:05:30 |
|
| 2023-08-04 12:17:05 |
|
| 2023-08-04 01:05:33 |
|
| 2023-07-14 12:17:04 |
|
| 2023-07-14 01:05:28 |
|
| 2023-03-29 01:19:00 |
|
| 2023-03-28 12:05:36 |
|
| 2023-02-13 09:28:50 |
|
| 2023-01-18 00:28:07 |
|
| 2022-10-11 12:15:14 |
|
| 2022-10-11 01:05:12 |
|
| 2022-03-11 01:12:27 |
|
| 2021-08-01 12:10:04 |
|
| 2021-07-16 01:41:31 |
|
| 2021-07-16 01:09:39 |
|
| 2021-07-16 00:23:10 |
|
| 2021-05-25 12:09:34 |
|
| 2021-05-04 12:20:56 |
|
| 2021-04-22 01:24:59 |
|
| 2020-08-11 12:07:21 |
|
| 2020-08-08 01:07:23 |
|
| 2020-08-07 12:07:30 |
|
| 2020-08-07 01:07:42 |
|
| 2020-08-01 09:22:50 |
|
| 2020-08-01 05:22:46 |
|
| 2020-07-29 21:23:08 |
|
| 2020-07-28 05:22:42 |
|
| 2020-05-23 01:48:17 |
|
| 2020-05-23 00:33:05 |
|
| 2019-01-25 12:04:35 |
|
| 2018-11-17 12:03:07 |
|
| 2018-10-30 12:04:56 |
|
| 2018-01-18 09:21:53 |
|
| 2017-12-29 09:21:59 |
|
| 2016-12-02 13:24:58 |
|
| 2016-06-30 21:34:24 |
|
| 2016-06-29 00:25:53 |
|
| 2016-06-28 21:55:20 |
|
| 2016-06-28 19:03:03 |
|
| 2016-05-26 13:27:47 |
|
| 2016-05-13 13:29:29 |
|
| 2016-04-26 21:36:17 |
|
| 2015-10-21 13:23:59 |
|
| 2015-10-17 13:23:51 |
|
| 2015-10-02 13:24:29 |
|
| 2015-05-12 13:28:17 |
|
| 2015-02-17 13:24:43 |
|
| 2014-11-27 13:28:02 |
|
| 2014-11-08 13:30:04 |
|
| 2014-10-12 13:26:48 |
|
| 2014-06-14 13:32:29 |
|
| 2014-02-17 11:08:38 |
|
| 2013-09-20 17:21:12 |
|
| 2013-05-10 22:34:42 |
|
| 2013-05-04 17:19:48 |
|
| 2013-02-15 13:20:33 |
|
| 2012-12-19 13:24:55 |
|
