Executive Summary

Information
Name : CVE-2012-0217
First vendor Publication : 2012-06-12
Vendor : Cve
Last vendor Modification : 2019-03-08

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score : 7.2
Attack Range : Local
Cvss Impact Score : 10
Attack Complexity : Low
Cvss Exploit Score : 3.9
Authentication : None Required

Detail

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0217

CWE : Common Weakness Enumeration

%       id        Name
100 %   CWE-119   Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:19861
Title: DSA-2508-1 kfreebsd-8 - privilege escalation
Description: Rafal Wojtczuk from Bromium discovered that FreeBSD wasn't handling correctly uncanonical return addresses on Intel amd64 CPUs, allowing privilege escalation to kernel for local users.
Family: unix
Class: patch
Reference(s): DSA-2508-1, CVE-2012-0217
Version: 5
Platform(s): Debian GNU/kFreeBSD 6.0
Product(s): kfreebsd-8

Oval ID: oval:org.mitre.oval:def:19281
Title: CRITICAL PATCH UPDATE OCTOBER 2012
Description: The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
Family: unix
Class: vulnerability
Reference(s): CVE-2012-0217
Version: 3
Platform(s): Sun Solaris 10
Product(s):

Oval ID: oval:org.mitre.oval:def:15596
Title: User Mode Scheduler Memory Corruption Vulnerability (CVE-2012-0217)
Description: The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
Family: windows
Class: vulnerability
Reference(s): CVE-2012-0217
Version: 8
Platform(s): Microsoft Windows 7, Microsoft Windows Server 2008 R2
Product(s):

CPE : Common Platform Enumeration

Type          Count
Application   18
Application   2
Application   16
Os            652
Os            1
Os            1
Os            2
Os            1
Os            2
Os            1
Os            71
Os            39
Os            35

ExploitDB Exploits

id Description
2012-08-27 Microsoft Windows Kernel Intel x64 SYSRET PoC

OpenVAS Exploits

Date Description
2012-12-18 Name : Fedora Update for xen FEDORA-2012-19828
           File : nvt/gb_fedora_2012_19828_xen_fc16.nasl
2012-12-14 Name : Fedora Update for xen FEDORA-2012-19717
           File : nvt/gb_fedora_2012_19717_xen_fc17.nasl
2012-12-13 Name : SuSE Update for xen openSUSE-SU-2012:0886-1 (xen)
           File : nvt/gb_suse_2012_0886_1.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18242
           File : nvt/gb_fedora_2012_18242_xen_fc17.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18249
           File : nvt/gb_fedora_2012_18249_xen_fc16.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17204
           File : nvt/gb_fedora_2012_17204_xen_fc17.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17408
           File : nvt/gb_fedora_2012_17408_xen_fc16.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13434
           File : nvt/gb_fedora_2012_13434_xen_fc17.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13443
           File : nvt/gb_fedora_2012_13443_xen_fc16.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-11182
           File : nvt/gb_fedora_2012_11182_xen_fc17.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-11755
           File : nvt/gb_fedora_2012_11755_xen_fc17.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-9386
           File : nvt/gb_fedora_2012_9386_xen_fc17.nasl
2012-08-24 Name : Fedora Update for xen FEDORA-2012-11785
           File : nvt/gb_fedora_2012_11785_xen_fc16.nasl
2012-08-10 Name : Debian Security Advisory DSA 2501-1 (xen)
           File : nvt/deb_2501_1.nasl
2012-08-10 Name : Debian Security Advisory DSA 2508-1 (kfreebsd-8)
           File : nvt/deb_2508_1.nasl
2012-08-10 Name : FreeBSD Ports: FreeBSD
           File : nvt/freebsd_FreeBSD16.nasl
2012-08-06 Name : Fedora Update for xen FEDORA-2012-11190
           File : nvt/gb_fedora_2012_11190_xen_fc16.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2012:0721 centos5
           File : nvt/gb_CESA-2012_0721_kernel_centos5.nasl
2012-06-28 Name : Fedora Update for xen FEDORA-2012-9399
           File : nvt/gb_fedora_2012_9399_xen_fc16.nasl
2012-06-28 Name : Fedora Update for xen FEDORA-2012-9430
           File : nvt/gb_fedora_2012_9430_xen_fc15.nasl
2012-06-15 Name : RedHat Update for kernel RHSA-2012:0721-01
           File : nvt/gb_RHSA-2012_0721-01_kernel.nasl
2012-06-13 Name : Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2711167)
           File : nvt/secpod_ms12-042.nasl

Metasploit Database

id Description
2012-06-12 FreeBSD Intel SYSRET Privilege Escalation

Nessus® Vulnerability Scanner

Date Description
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
           File : oraclevm_OVMSA-2012-0020.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
           File : oraclevm_OVMSA-2012-0021.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
           File : oraclevm_OVMSA-2012-0022.nasl - Type : ACT_GATHER_INFO
2014-07-26 Name : The remote Solaris system is missing a security patch from CPU oct2012.
           File : solaris_oct2012_SRU10_5.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
           File : openSUSE-2012-403.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
           File : openSUSE-2012-404.nasl - Type : ACT_GATHER_INFO
2013-09-28 Name : The remote Gentoo host is missing one or more security-related patches.
           File : gentoo_GLSA-201309-24.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
           File : oraclelinux_ELSA-2012-0721-1.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
           File : oraclelinux_ELSA-2012-0721.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
           File : suse_11_xen-201206-120606.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
           File : redhat-RHSA-2012-0720.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
           File : sl_20120612_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-07-23 Name : The remote Debian host is missing a security-related update.
           File : debian_DSA-2508.nasl - Type : ACT_GATHER_INFO
2012-06-29 Name : The remote Debian host is missing a security-related update.
           File : debian_DSA-2501.nasl - Type : ACT_GATHER_INFO
2012-06-28 Name : The remote FreeBSD host is missing one or more security-related updates.
           File : freebsd_pkg_aed44c4ec06711e1b5e0000c299b62e1.nasl - Type : ACT_GATHER_INFO
2012-06-26 Name : The remote Fedora host is missing a security update.
           File : fedora_2012-9386.nasl - Type : ACT_GATHER_INFO
2012-06-26 Name : The remote Fedora host is missing a security update.
           File : fedora_2012-9399.nasl - Type : ACT_GATHER_INFO
2012-06-26 Name : The remote Fedora host is missing a security update.
           File : fedora_2012-9430.nasl - Type : ACT_GATHER_INFO
2012-06-14 Name : The remote CentOS host is missing one or more security updates.
           File : centos_RHSA-2012-0721.nasl - Type : ACT_GATHER_INFO
2012-06-13 Name : The Windows kernel is affected by multiple elevation of privilege vulnerabili...
           File : smb_nt_ms12-042.nasl - Type : ACT_GATHER_INFO
2012-06-13 Name : The remote SuSE 10 host is missing a security-related patch.
           File : suse_xen-201206-8180.nasl - Type : ACT_GATHER_INFO
2012-06-13 Name : The remote Red Hat host is missing one or more security updates.
           File : redhat-RHSA-2012-0721.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CERT http://www.us-cert.gov/cas/techalerts/TA12-164A.html
CERT-VN http://www.kb.cert.org/vuls/id/649219
CONFIRM http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched/
CONFIRM http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/
CONFIRM http://smartos.org/2012/06/15/smartos-news-3/
CONFIRM http://support.citrix.com/article/CTX133161
CONFIRM http://wiki.smartos.org/display/DOC/SmartOS+Change+Log#SmartOSChangeLog-June1...
CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=813428
CONFIRM https://www.illumos.org/issues/2873
DEBIAN http://www.debian.org/security/2012/dsa-2501
DEBIAN http://www.debian.org/security/2012/dsa-2508
EXPLOIT-DB https://www.exploit-db.com/exploits/28718/
EXPLOIT-DB https://www.exploit-db.com/exploits/46508/
FREEBSD http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc
GENTOO http://security.gentoo.org/glsa/glsa-201309-24.xml
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
MLIST http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html
MLIST http://lists.xen.org/archives/html/xen-devel/2012-06/msg01072.html
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12...
NETBSD http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc

Alert History

Date Information
2019-03-22 12:04:09 Multiple Updates
2019-03-20 12:04:25 Multiple Updates
2019-03-19 12:04:49 Multiple Updates
2019-03-08 17:18:31 Multiple Updates
2018-10-13 05:18:35 Multiple Updates
2018-09-20 12:09:30 Multiple Updates
2018-06-22 12:03:49 Multiple Updates
2017-10-05 09:23:10 Multiple Updates
2017-09-19 09:25:08 Multiple Updates
2017-08-03 12:00:41 Multiple Updates
2017-04-06 12:03:32 Multiple Updates
2017-02-24 12:00:46 Multiple Updates
2016-09-30 01:03:31 Multiple Updates
2016-06-28 18:58:41 Multiple Updates
2016-04-26 21:24:36 Multiple Updates
2014-11-27 13:28:01 Multiple Updates
2014-07-26 13:27:38 Multiple Updates
2014-06-14 13:32:10 Multiple Updates
2014-02-17 11:07:14 Multiple Updates
2013-10-11 13:23:19 Multiple Updates
2013-10-03 21:20:28 Multiple Updates
2013-05-10 22:31:59 Multiple Updates
2013-03-07 13:19:43 Multiple Updates
2013-02-22 13:22:13 Multiple Updates
2012-12-05 13:18:54 Multiple Updates