certfr_avis - certa-2012-avi-334

CERTA-2012-AVI-334

Vulnerability from certfr_avis

Une vulnérabilité a été corrigée dans FreeBSD. Son exploitation permet à un utilisateur local d'élever ses privilèges, de corrompre des données du noyau ou d'effectuer un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
FreeBSD	N/A	FreeBSD version 7.x ;
FreeBSD	N/A	FreeBSD version 9.x.
FreeBSD	N/A	FreeBSD version 8.x ;

References

Title

Publication Time

CVE-2012-0217 (GCVE-0-2012-0217)

Vulnerability from cvelistv5

Published

2012-06-12 22:00

Modified

2024-08-06 18:16

Severity ?

CWE

Summary

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.

References

URL

Tags

	http://secunia.com/advisories/55082	third-party-advisory, x_refsource_SECUNIA
	http://www.us-cert.gov/cas/techalerts/TA12-164A.html	third-party-advisory, x_refsource_CERT
	http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/	x_refsource_CONFIRM
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-042	vendor-advisory, x_refsource_MS
	https://www.exploit-db.com/exploits/28718/	exploit, x_refsource_EXPLOIT-DB
	https://bugzilla.redhat.com/show_bug.cgi?id=813428	x_refsource_CONFIRM
	http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc	vendor-advisory, x_refsource_NETBSD
	http://security.gentoo.org/glsa/glsa-201309-24.xml	vendor-advisory, x_refsource_GENTOO
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15596	vdb-entry, signature, x_refsource_OVAL
	http://www.debian.org/security/2012/dsa-2501	vendor-advisory, x_refsource_DEBIAN
	http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched/	x_refsource_CONFIRM
	https://www.illumos.org/issues/2873	x_refsource_CONFIRM
	http://lists.xen.org/archives/html/xen-devel/2012-06/msg01072.html	mailing-list, x_refsource_MLIST
	http://www.debian.org/security/2012/dsa-2508	vendor-advisory, x_refsource_DEBIAN
	http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html	mailing-list, x_refsource_MLIST
	http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html	x_refsource_CONFIRM
	http://support.citrix.com/article/CTX133161	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/46508/	exploit, x_refsource_EXPLOIT-DB
	http://smartos.org/2012/06/15/smartos-news-3/	x_refsource_CONFIRM
	http://wiki.smartos.org/display/DOC/SmartOS+Change+Log#SmartOSChangeLog-June14%2C2012	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/649219	third-party-advisory, x_refsource_CERT-VN
	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150	vendor-advisory, x_refsource_MANDRIVA
	http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc	vendor-advisory, x_refsource_FREEBSD

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:16:19.831Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "55082",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55082"
          },
          {
            "name": "TA12-164A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/"
          },
          {
            "name": "MS12-042",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-042"
          },
          {
            "name": "28718",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/28718/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=813428"
          },
          {
            "name": "NetBSD-SA2012-003",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc"
          },
          {
            "name": "GLSA-201309-24",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
          },
          {
            "name": "oval:org.mitre.oval:def:15596",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15596"
          },
          {
            "name": "DSA-2501",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2501"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.illumos.org/issues/2873"
          },
          {
            "name": "[xen-devel] 20120619 Security vulnerability process, and CVE-2012-0217",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.xen.org/archives/html/xen-devel/2012-06/msg01072.html"
          },
          {
            "name": "DSA-2508",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2508"
          },
          {
            "name": "[xen-announce] 20120612 Xen Security Advisory 7 (CVE-2012-0217) - PV privilege escalation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX133161"
          },
          {
            "name": "46508",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46508/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://smartos.org/2012/06/15/smartos-news-3/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.smartos.org/display/DOC/SmartOS+Change+Log#SmartOSChangeLog-June14%2C2012"
          },
          {
            "name": "VU#649219",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/649219"
          },
          {
            "name": "MDVSA-2013:150",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
          },
          {
            "name": "FreeBSD-SA-12:04",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application.  NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-08T10:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "55082",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55082"
        },
        {
          "name": "TA12-164A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/"
        },
        {
          "name": "MS12-042",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-042"
        },
        {
          "name": "28718",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/28718/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=813428"
        },
        {
          "name": "NetBSD-SA2012-003",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc"
        },
        {
          "name": "GLSA-201309-24",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
        },
        {
          "name": "oval:org.mitre.oval:def:15596",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15596"
        },
        {
          "name": "DSA-2501",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2501"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.illumos.org/issues/2873"
        },
        {
          "name": "[xen-devel] 20120619 Security vulnerability process, and CVE-2012-0217",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.xen.org/archives/html/xen-devel/2012-06/msg01072.html"
        },
        {
          "name": "DSA-2508",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2508"
        },
        {
          "name": "[xen-announce] 20120612 Xen Security Advisory 7 (CVE-2012-0217) - PV privilege escalation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX133161"
        },
        {
          "name": "46508",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/46508/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://smartos.org/2012/06/15/smartos-news-3/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.smartos.org/display/DOC/SmartOS+Change+Log#SmartOSChangeLog-June14%2C2012"
        },
        {
          "name": "VU#649219",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/649219"
        },
        {
          "name": "MDVSA-2013:150",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
        },
        {
          "name": "FreeBSD-SA-12:04",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2012-0217",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application.  NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "55082",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55082"
            },
            {
              "name": "TA12-164A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
            },
            {
              "name": "http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/",
              "refsource": "CONFIRM",
              "url": "http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/"
            },
            {
              "name": "MS12-042",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-042"
            },
            {
              "name": "28718",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/28718/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=813428",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=813428"
            },
            {
              "name": "NetBSD-SA2012-003",
              "refsource": "NETBSD",
              "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc"
            },
            {
              "name": "GLSA-201309-24",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
            },
            {
              "name": "oval:org.mitre.oval:def:15596",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15596"
            },
            {
              "name": "DSA-2501",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2501"
            },
            {
              "name": "http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched/",
              "refsource": "CONFIRM",
              "url": "http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched/"
            },
            {
              "name": "https://www.illumos.org/issues/2873",
              "refsource": "CONFIRM",
              "url": "https://www.illumos.org/issues/2873"
            },
            {
              "name": "[xen-devel] 20120619 Security vulnerability process, and CVE-2012-0217",
              "refsource": "MLIST",
              "url": "http://lists.xen.org/archives/html/xen-devel/2012-06/msg01072.html"
            },
            {
              "name": "DSA-2508",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2508"
            },
            {
              "name": "[xen-announce] 20120612 Xen Security Advisory 7 (CVE-2012-0217) - PV privilege escalation",
              "refsource": "MLIST",
              "url": "http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
            },
            {
              "name": "http://support.citrix.com/article/CTX133161",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX133161"
            },
            {
              "name": "46508",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/46508/"
            },
            {
              "name": "http://smartos.org/2012/06/15/smartos-news-3/",
              "refsource": "CONFIRM",
              "url": "http://smartos.org/2012/06/15/smartos-news-3/"
            },
            {
              "name": "http://wiki.smartos.org/display/DOC/SmartOS+Change+Log#SmartOSChangeLog-June14%2C2012",
              "refsource": "CONFIRM",
              "url": "http://wiki.smartos.org/display/DOC/SmartOS+Change+Log#SmartOSChangeLog-June14%2C2012"
            },
            {
              "name": "VU#649219",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/649219"
            },
            {
              "name": "MDVSA-2013:150",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
            },
            {
              "name": "FreeBSD-SA-12:04",
              "refsource": "FREEBSD",
              "url": "http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2012-0217",
    "datePublished": "2012-06-12T22:00:00",
    "dateReserved": "2011-12-14T00:00:00",
    "dateUpdated": "2024-08-06T18:16:19.831Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted