fkie_cve-2012-0217
Vulnerability from fkie_nvd
Published
2012-06-12 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freebsd | freebsd | * | |
| illumos | illumos | * | |
| joyent | smartos | * | |
| xen | xen | * | |
| xen | xen | 4.0.0 | |
| xen | xen | 4.0.1 | |
| xen | xen | 4.0.2 | |
| xen | xen | 4.0.3 | |
| xen | xen | 4.0.4 | |
| xen | xen | 4.1.0 | |
| xen | xen | 4.1.1 | |
| microsoft | windows_7 | * | |
| microsoft | windows_7 | * | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_xp | * | |
| citrix | xenserver | * | |
| citrix | xenserver | 6.0 | |
| netbsd | netbsd | * | |
| sun | sunos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7B2CC9-2907-49AF-8497-CE60554123F4",
"versionEndIncluding": "9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:illumos:illumos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8F4D46A-B031-4639-AA94-5E44091F4B92",
"versionEndIncluding": "r13723",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:joyent:smartos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F2DF32E-26A0-4463-85DD-6E63C125E606",
"versionEndIncluding": "20120614",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5037783-1819-4FC5-B7A7-EB80F6A98E1F",
"versionEndIncluding": "4.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "550223A9-B9F1-440A-8C25-9F0F76AF7301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC734D58-96E5-4DD2-8781-F8E0ADB96462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62CEC1BF-1922-410D-BCBA-C58199F574C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "923F2C2B-4A65-4823-B511-D0FEB7C7FAB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A24DED-B2EC-4D9C-9FA4-DD37EF3E3BFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D532B60-C8DD-4A2F-9D05-E574D23EB754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D83CA8B-8E49-45FA-8FAB-C15052474542",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "CE381783-027E-4B6D-B801-59873E5EA483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "4FA15D65-7C32-4C7A-9915-746AB3F454EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*",
"matchCriteriaId": "95DC297F-06DB-4FB3-BFB6-7312C059E047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24FCA867-7158-459C-9D6C-75A39263F00A",
"versionEndIncluding": "6.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenserver:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1D10B8-202D-44A4-A872-88D7C11488D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netbsd:netbsd:*:beta:*:*:*:*:*:*",
"matchCriteriaId": "D2AF9820-F982-4804-9580-78CDD4273C6B",
"versionEndIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sun:sunos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "696972CD-A690-4DDC-A852-1253062AE874",
"versionEndIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier."
},
{
"lang": "es",
"value": "El modo de usuario Scheduler en el n\u00facleo en Microsoft Windows Server v2008 R2 y R2 SP1 y Windows v7 Gold y SP1 sobre la plataforma x64 no maneja adecuadamente solicitudes del sistema, lo que permite a usuarios locales obtener privilegios a trav\u00e9s de una aplicaci\u00f3n modificada, tambi\u00e9n conocida como \"vulnerabilidad de corrupci\u00f3n de memoria de modo de usuario Scheduler\"."
}
],
"evaluatorImpact": "Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-042\n\n\u0027This vulnerability only affects Intel x64-based versions of Windows 7 and Windows Server 2008 R2. Systems with AMD or ARM-based CPUs are not affected by this vulnerability.\u0027",
"id": "CVE-2012-0217",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-12T22:55:01.343",
"references": [
{
"source": "security@debian.org",
"url": "http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched/"
},
{
"source": "security@debian.org",
"url": "http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/"
},
{
"source": "security@debian.org",
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc"
},
{
"source": "security@debian.org",
"url": "http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html"
},
{
"source": "security@debian.org",
"url": "http://lists.xen.org/archives/html/xen-devel/2012-06/msg01072.html"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/55082"
},
{
"source": "security@debian.org",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc"
},
{
"source": "security@debian.org",
"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"source": "security@debian.org",
"url": "http://smartos.org/2012/06/15/smartos-news-3/"
},
{
"source": "security@debian.org",
"url": "http://support.citrix.com/article/CTX133161"
},
{
"source": "security@debian.org",
"url": "http://wiki.smartos.org/display/DOC/SmartOS+Change+Log#SmartOSChangeLog-June14%2C2012"
},
{
"source": "security@debian.org",
"url": "http://www.debian.org/security/2012/dsa-2501"
},
{
"source": "security@debian.org",
"url": "http://www.debian.org/security/2012/dsa-2508"
},
{
"source": "security@debian.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/649219"
},
{
"source": "security@debian.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"source": "security@debian.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"source": "security@debian.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
},
{
"source": "security@debian.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=813428"
},
{
"source": "security@debian.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-042"
},
{
"source": "security@debian.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15596"
},
{
"source": "security@debian.org",
"url": "https://www.exploit-db.com/exploits/28718/"
},
{
"source": "security@debian.org",
"url": "https://www.exploit-db.com/exploits/46508/"
},
{
"source": "security@debian.org",
"url": "https://www.illumos.org/issues/2873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.xen.org/archives/html/xen-devel/2012-06/msg01072.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/55082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://smartos.org/2012/06/15/smartos-news-3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.citrix.com/article/CTX133161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.smartos.org/display/DOC/SmartOS+Change+Log#SmartOSChangeLog-June14%2C2012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/649219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=813428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/28718/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/46508/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.illumos.org/issues/2873"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…