Executive Summary

Informations
Name CVE-2012-1583 First vendor Publication 2012-06-16
Vendor Cve Last vendor Modification 2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1583

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20668
 
Oval ID: oval:org.mitre.oval:def:20668
Title: VMware vSphere and vCOps updates to third party libraries
Description: Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1583
 Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21179
 
Oval ID: oval:org.mitre.oval:def:21179
Title: RHSA-2012:0480: kernel security, bug fix, and enhancement update (Important)
Description: Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets.
Family: unix Class: patch
Reference(s): RHSA-2012:0480-02
CESA-2012:0480
CVE-2012-1583
 Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23051
 
Oval ID: oval:org.mitre.oval:def:23051
Title: ELSA-2012:0480: kernel security, bug fix, and enhancement update (Important)
Description: Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets.
Family: unix Class: patch
Reference(s): ELSA-2012:0480-02
CVE-2012-1583
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27823
 
Oval ID: oval:org.mitre.oval:def:27823
Title: ELSA-2012-0480-1 -- kernel security, bug fix, and enhancement update (important)
Description: [2.6.18-308.4.1.0.1.el5] - [net] bonding: fix carrier detect when bond is down [orabug 12377284] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - [scsi] fix scsi hotplug and rescan race [orabug 10260172] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346]
Family: unix Class: patch
Reference(s): ELSA-2012-0480-1
CVE-2012-1583
 Version: 5
Platform(s): Oracle Linux 5
 Product(s): kernel
ocfs2
oracleasm
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27912
 
Oval ID: oval:org.mitre.oval:def:27912
Title: DEPRECATED: ELSA-2012-0480 -- kernel security, bug fix, and enhancement update (important)
Description: [2.6.18-308.4.1.el5] - [net] ipv6: fix skb double free in xfrm6_tunnel (Jiri Benc) [752305 743375] {CVE-2012-1583} [2.6.18-308.3.1.el5] - [net] be2net: cancel be_worker during EEH recovery (Ivan Vecera) [805462 773735] - [net] be2net: add vlan/rx-mode/flow-control config to be_setup (Ivan Vecera) [805462 773735] - [x86] disable TSC synchronization when using kvmclock (Marcelo Tosatti) [805460 799170] - [fs] vfs: fix LOOKUP_DIRECTORY not propagated to managed_dentry (Ian Kent) [801726 798809] - [fs] vfs: fix d_instantiate_unique (Ian Kent) [801726 798809] - [fs] nfs: allow high priority COMMITs to bypass inode commit lock (Jeff Layton) [799941 773777] - [fs] nfs: don't skip COMMITs if system under is mem pressure (Jeff Layton) [799941 773777] - [scsi] qla2xxx: Read the HCCR register to flush any PCIe writes (Chad Dupuis) [798748 772192] - [scsi] qla2xxx: Complete mbox cmd timeout before next reset cycle (Chad Dupuis) [798748 772192] - [s390] qdio: wrong buffers-used counter for ERROR buffers (Hendrik Brueckner) [801724 790840] - [net] bridge: Reset IPCB when entering IP stack (Herbert Xu) [804721 749813] - [fs] procfs: add hidepid= and gid= mount options (Jerome Marchand) [770649 770650] - [fs] procfs: parse mount options (Jerome Marchand) [770649 770650] [2.6.18-308.2.1.el5] - [fs] nfs: nfs_fhget should wait on I_NEW instead of I_LOCK (Sachin Prabhu) [795664 785062]
Family: unix Class: patch
Reference(s): ELSA-2012-0480
CVE-2012-1583
 Version: 4
Platform(s): Oracle Linux 5
 Product(s): kernel
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 880

OpenVAS Exploits

Date Description
2012-08-31 Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.
File : nvt/gb_VMSA-2012-0013.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2012:0480 centos5
File : nvt/gb_CESA-2012_0480_kernel_centos5.nasl
2012-06-15 Name : RedHat Update for kernel RHSA-2012:0480-01
File : nvt/gb_RHSA-2012_0480-01_kernel.nasl

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-09-27 IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0
Severity : Category I - VMSKEY : V0033884
2012-09-13 IAVM : 2012-B-0086 - VMware vCenter Operations Arbitrary File Overwrite Vulnerability
Severity : Category I - VMSKEY : V0033791
2012-09-13 IAVM : 2012-A-0146 - Multiple Vulnerabilities in VMware vCenter Update Manager 4.1
Severity : Category I - VMSKEY : V0033792
2012-09-13 IAVM : 2012-A-0147 - Multiple Vulnerabilities in VMware vCenter Server 4.1
Severity : Category I - VMSKEY : V0033793
2012-09-13 IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity : Category I - VMSKEY : V0033794

Nessus® Vulnerability Scanner

Date Description
2016-02-29 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2012-0013_remote.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO
2014-11-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0488.nasl - Type : ACT_GATHER_INFO
2013-11-13 Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_0_build_912577_remote.nasl - Type : ACT_GATHER_INFO
2013-07-29 Name : The remote host has a virtualization appliance installed that is affected by ...
File : vcenter_operations_manager_vmsa_2012-0013.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0480-1.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0480.nasl - Type : ACT_GATHER_INFO
2013-06-17 Name : The remote host has an update manager installed that is affected by multiple ...
File : vmware_vcenter_update_mgr_vmsa-2012-0013.nasl - Type : ACT_GATHER_INFO
2013-06-05 Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2012-0013.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0720.nasl - Type : ACT_GATHER_INFO
2012-08-31 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120417_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-04-19 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0480.nasl - Type : ACT_GATHER_INFO
2012-04-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0480.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/53139
CONFIRM http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
https://bugzilla.redhat.com/show_bug.cgi?id=752304
https://github.com/torvalds/linux/commit/d0772b70faaf8e9f2013b6c4273d94d5eac8...
HP http://marc.info/?l=bugtraq&m=133951357207000&w=2
MISC http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3...
REDHAT http://rhn.redhat.com/errata/RHSA-2012-0488.html
SECTRACK http://www.securitytracker.com/id?1026930
SECUNIA http://secunia.com/advisories/48881

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
Date Informations
2024-02-02 01:18:49
  • Multiple Updates
2024-02-01 12:05:34
  • Multiple Updates
2023-09-05 12:17:45
  • Multiple Updates
2023-09-05 01:05:27
  • Multiple Updates
2023-09-02 12:17:46
  • Multiple Updates
2023-09-02 01:05:32
  • Multiple Updates
2023-08-12 12:21:31
  • Multiple Updates
2023-08-12 01:05:33
  • Multiple Updates
2023-08-11 12:17:53
  • Multiple Updates
2023-08-11 01:05:43
  • Multiple Updates
2023-08-06 12:17:11
  • Multiple Updates
2023-08-06 01:05:33
  • Multiple Updates
2023-08-04 12:17:15
  • Multiple Updates
2023-08-04 01:05:36
  • Multiple Updates
2023-07-14 12:17:14
  • Multiple Updates
2023-07-14 01:05:31
  • Multiple Updates
2023-03-29 01:19:10
  • Multiple Updates
2023-03-28 12:05:39
  • Multiple Updates
2023-02-13 05:28:32
  • Multiple Updates
2023-02-02 21:28:43
  • Multiple Updates
2022-10-11 12:15:23
  • Multiple Updates
2022-10-11 01:05:15
  • Multiple Updates
2022-03-11 01:12:34
  • Multiple Updates
2021-05-04 12:19:31
  • Multiple Updates
2021-04-22 01:23:13
  • Multiple Updates
2020-08-08 01:07:26
  • Multiple Updates
2020-07-30 01:07:49
  • Multiple Updates
2020-05-23 01:48:25
  • Multiple Updates
2020-05-23 00:33:14
  • Multiple Updates
2019-01-25 12:04:37
  • Multiple Updates
2018-10-30 12:04:57
  • Multiple Updates
2016-08-23 09:24:46
  • Multiple Updates
2016-06-30 21:34:27
  • Multiple Updates
2016-06-29 00:26:03
  • Multiple Updates
2016-06-28 21:56:25
  • Multiple Updates
2016-06-28 19:04:29
  • Multiple Updates
2016-04-26 21:40:20
  • Multiple Updates
2016-03-01 13:26:32
  • Multiple Updates
2014-11-27 13:28:02
  • Multiple Updates
2014-11-18 13:26:02
  • Multiple Updates
2014-02-17 11:09:05
  • Multiple Updates
2013-11-11 12:39:50
  • Multiple Updates
2013-05-10 22:36:05
  • Multiple Updates
2013-05-04 17:19:50
  • Multiple Updates
2012-12-29 13:20:28
  • Multiple Updates