Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2012-0028 | First vendor Publication | 2012-06-21 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain privileges by writing to a memory location in a child process. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0028 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:27563 | |||
| Oval ID: | oval:org.mitre.oval:def:27563 | ||
| Title: | DEPRECATED: ELSA-2012-0107 -- kernel security and bug fix update (important) | ||
| Description: | This update fixes the following security issues: * Using the SG_IO ioctl to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access (and be able to issue other SCSI commands) to the entire block device. Refer to Red Hat Knowledgebase article DOC-67874, linked to in the References, for further details about this issue. (CVE-2011-4127, Important) * A flaw was found in the way the Linux kernel handled robust list pointers of user-space held futexes across exec() calls. A local, unprivileged user could use this flaw to cause a denial of service or, eventually, escalate their privileges. (CVE-2012-0028, Important) * A flaw was found in the Linux kernel in the way splitting two extents in ext4_ext_convert_to_initialized() worked. A local, unprivileged user with the ability to mount and unmount ext4 file systems could use this flaw to cause a denial of service. (CVE-2011-3638, Moderate) * A flaw was found in the way the Linux kernel's journal_unmap_buffer() function handled buffer head states. On systems that have an ext4 file system with a journal mounted, a local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-4086, Moderate) * A divide-by-zero flaw was found in the Linux kernel's igmp_heard_query() function. An attacker able to send certain IGMP (Internet Group Management Protocol) packets to a target system could use this flaw to cause a denial of service. (CVE-2012-0207, Moderate) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0107 CVE-2012-0207 CVE-2011-3638 CVE-2011-4127 CVE-2011-4086 CVE-2012-0028 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | kernel |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-07-30 | Name : CentOS Update for kernel CESA-2012:0107 centos5 File : nvt/gb_CESA-2012_0107_kernel_centos5.nasl |
| 2012-03-07 | Name : Ubuntu Update for linux USN-1390-1 File : nvt/gb_ubuntu_USN_1390_1.nasl |
| 2012-02-13 | Name : RedHat Update for kernel RHSA-2012:0107-01 File : nvt/gb_RHSA-2012_0107-01_kernel.nasl |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2012-05-03 | IAVM : 2012-A-0073 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity : Category I - VMSKEY : V0032171 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-03-03 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2012-0008_remote.nasl - Type : ACT_GATHER_INFO |
| 2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0168.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0107.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0358.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120209_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-04-28 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2012-0008.nasl - Type : ACT_GATHER_INFO |
| 2012-03-07 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1390-1.nasl - Type : ACT_GATHER_INFO |
| 2012-02-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0107.nasl - Type : ACT_GATHER_INFO |
| 2012-02-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0107.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:01:24 |
|
| 2024-11-28 12:28:22 |
|
| 2024-08-02 12:18:37 |
|
| 2024-08-02 01:05:30 |
|
| 2024-02-02 01:18:05 |
|
| 2024-02-01 12:05:21 |
|
| 2023-09-05 12:16:59 |
|
| 2023-09-05 01:05:13 |
|
| 2023-09-02 12:17:04 |
|
| 2023-09-02 01:05:19 |
|
| 2023-08-12 12:20:45 |
|
| 2023-08-12 01:05:20 |
|
| 2023-08-11 12:17:10 |
|
| 2023-08-11 01:05:29 |
|
| 2023-08-06 12:16:30 |
|
| 2023-08-06 01:05:20 |
|
| 2023-08-04 12:16:34 |
|
| 2023-08-04 01:05:21 |
|
| 2023-07-14 12:16:33 |
|
| 2023-07-14 01:05:18 |
|
| 2023-03-29 01:18:30 |
|
| 2023-03-28 12:05:26 |
|
| 2023-02-13 09:28:42 |
|
| 2022-10-11 12:14:46 |
|
| 2022-10-11 01:05:02 |
|
| 2022-03-11 01:12:06 |
|
| 2021-05-04 12:18:55 |
|
| 2021-04-22 01:22:38 |
|
| 2020-08-08 01:07:11 |
|
| 2020-08-01 12:07:12 |
|
| 2020-07-30 01:07:33 |
|
| 2020-05-23 01:47:49 |
|
| 2020-05-23 00:32:33 |
|
| 2019-01-25 12:04:30 |
|
| 2018-10-30 12:04:50 |
|
| 2016-06-30 21:34:15 |
|
| 2016-06-29 00:25:20 |
|
| 2016-06-28 21:54:20 |
|
| 2016-06-28 18:57:54 |
|
| 2016-04-26 21:22:43 |
|
| 2016-03-04 13:26:25 |
|
| 2014-11-18 13:25:59 |
|
| 2014-02-17 11:06:48 |
|
| 2013-11-11 12:39:41 |
|
| 2013-05-10 22:30:53 |
|
