csaf_redhat - rhsa-2013

rhsa-2013_0807

Vulnerability from csaf_redhat

Published

2013-05-09 18:10

Modified

2024-11-22 06:31

Summary

Red Hat Security Advisory: hypervkvpd security and bug fix update

Notes

Topic

An updated hypervkvpd package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V Key-Value Pair (KVP) daemon. The daemon passes basic information to the host through VMBus, such as the guest IP address, fully qualified domain name, operating system name, and operating system release number. A denial of service flaw was found in the way hypervkvpd processed certain Netlink messages. A local, unprivileged user in a guest (running on Microsoft Hyper-V) could send a Netlink message that, when processed, would cause the guest's hypervkvpd daemon to exit. (CVE-2012-5532) The CVE-2012-5532 issue was discovered by Florian Weimer of the Red Hat Product Security Team. This update also fixes the following bug: * The hypervkvpd daemon did not close the file descriptors for pool files when they were updated. This could eventually lead to hypervkvpd crashing with a "KVP: Failed to open file, pool: 1" error after consuming all available file descriptors. With this update, the file descriptors are closed, correcting this issue. (BZ#953502) Users of hypervkvpd are advised to upgrade to this updated package, which contains backported patches to correct these issues. After installing the update, it is recommended to reboot all guest machines.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated hypervkvpd package that fixes one security issue and one bug is\nnow available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V\nKey-Value Pair (KVP) daemon. The daemon passes basic information to the\nhost through VMBus, such as the guest IP address, fully qualified domain\nname, operating system name, and operating system release number.\n\nA denial of service flaw was found in the way hypervkvpd processed certain\nNetlink messages. A local, unprivileged user in a guest (running on\nMicrosoft Hyper-V) could send a Netlink message that, when processed, would\ncause the guest\u0027s hypervkvpd daemon to exit. (CVE-2012-5532)\n\nThe CVE-2012-5532 issue was discovered by Florian Weimer of the Red Hat\nProduct Security Team.\n\nThis update also fixes the following bug:\n\n* The hypervkvpd daemon did not close the file descriptors for pool files\nwhen they were updated. This could eventually lead to hypervkvpd crashing\nwith a \"KVP: Failed to open file, pool: 1\" error after consuming all\navailable file descriptors. With this update, the file descriptors are\nclosed, correcting this issue. (BZ#953502)\n\nUsers of hypervkvpd are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues. After installing the\nupdate, it is recommended to reboot all guest machines.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2013:0807",
        "url": "https://access.redhat.com/errata/RHSA-2013:0807"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "877572",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877572"
      },
      {
        "category": "external",
        "summary": "953502",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953502"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0807.json"
      }
    ],
    "title": "Red Hat Security Advisory: hypervkvpd security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-22T06:31:31+00:00",
      "generator": {
        "date": "2024-11-22T06:31:31+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2013:0807",
      "initial_release_date": "2013-05-09T18:10:00+00:00",
      "revision_history": [
        {
          "date": "2013-05-09T18:10:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2013-05-09T18:13:44+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T06:31:31+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHEL Virtualization (v. 5 server)",
                "product": {
                  "name": "RHEL Virtualization (v. 5 server)",
                  "product_id": "5Server-VT-5.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_virtualization:5::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server-5.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "hypervkvpd-0:0-0.7.el5_9.3.x86_64",
                "product": {
                  "name": "hypervkvpd-0:0-0.7.el5_9.3.x86_64",
                  "product_id": "hypervkvpd-0:0-0.7.el5_9.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hypervkvpd@0-0.7.el5_9.3?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.x86_64",
                "product": {
                  "name": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.x86_64",
                  "product_id": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hypervkvpd-debuginfo@0-0.7.el5_9.3?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "hypervkvpd-0:0-0.7.el5_9.3.i686",
                "product": {
                  "name": "hypervkvpd-0:0-0.7.el5_9.3.i686",
                  "product_id": "hypervkvpd-0:0-0.7.el5_9.3.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hypervkvpd@0-0.7.el5_9.3?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.i686",
                "product": {
                  "name": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.i686",
                  "product_id": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hypervkvpd-debuginfo@0-0.7.el5_9.3?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "hypervkvpd-0:0-0.7.el5_9.3.src",
                "product": {
                  "name": "hypervkvpd-0:0-0.7.el5_9.3.src",
                  "product_id": "hypervkvpd-0:0-0.7.el5_9.3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hypervkvpd@0-0.7.el5_9.3?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "hypervkvpd-0:0-0.7.el5_9.3.ia64",
                "product": {
                  "name": "hypervkvpd-0:0-0.7.el5_9.3.ia64",
                  "product_id": "hypervkvpd-0:0-0.7.el5_9.3.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hypervkvpd@0-0.7.el5_9.3?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.ia64",
                "product": {
                  "name": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.ia64",
                  "product_id": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hypervkvpd-debuginfo@0-0.7.el5_9.3?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hypervkvpd-0:0-0.7.el5_9.3.i686 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.i686"
        },
        "product_reference": "hypervkvpd-0:0-0.7.el5_9.3.i686",
        "relates_to_product_reference": "5Server-5.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hypervkvpd-0:0-0.7.el5_9.3.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.ia64"
        },
        "product_reference": "hypervkvpd-0:0-0.7.el5_9.3.ia64",
        "relates_to_product_reference": "5Server-5.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hypervkvpd-0:0-0.7.el5_9.3.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.src"
        },
        "product_reference": "hypervkvpd-0:0-0.7.el5_9.3.src",
        "relates_to_product_reference": "5Server-5.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hypervkvpd-0:0-0.7.el5_9.3.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.x86_64"
        },
        "product_reference": "hypervkvpd-0:0-0.7.el5_9.3.x86_64",
        "relates_to_product_reference": "5Server-5.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.i686 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.i686"
        },
        "product_reference": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.i686",
        "relates_to_product_reference": "5Server-5.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.ia64"
        },
        "product_reference": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.ia64",
        "relates_to_product_reference": "5Server-5.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.x86_64"
        },
        "product_reference": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.x86_64",
        "relates_to_product_reference": "5Server-5.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hypervkvpd-0:0-0.7.el5_9.3.i686 as a component of RHEL Virtualization (v. 5 server)",
          "product_id": "5Server-VT-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.i686"
        },
        "product_reference": "hypervkvpd-0:0-0.7.el5_9.3.i686",
        "relates_to_product_reference": "5Server-VT-5.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hypervkvpd-0:0-0.7.el5_9.3.ia64 as a component of RHEL Virtualization (v. 5 server)",
          "product_id": "5Server-VT-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.ia64"
        },
        "product_reference": "hypervkvpd-0:0-0.7.el5_9.3.ia64",
        "relates_to_product_reference": "5Server-VT-5.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hypervkvpd-0:0-0.7.el5_9.3.src as a component of RHEL Virtualization (v. 5 server)",
          "product_id": "5Server-VT-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.src"
        },
        "product_reference": "hypervkvpd-0:0-0.7.el5_9.3.src",
        "relates_to_product_reference": "5Server-VT-5.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hypervkvpd-0:0-0.7.el5_9.3.x86_64 as a component of RHEL Virtualization (v. 5 server)",
          "product_id": "5Server-VT-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.x86_64"
        },
        "product_reference": "hypervkvpd-0:0-0.7.el5_9.3.x86_64",
        "relates_to_product_reference": "5Server-VT-5.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.i686 as a component of RHEL Virtualization (v. 5 server)",
          "product_id": "5Server-VT-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.i686"
        },
        "product_reference": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.i686",
        "relates_to_product_reference": "5Server-VT-5.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.ia64 as a component of RHEL Virtualization (v. 5 server)",
          "product_id": "5Server-VT-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.ia64"
        },
        "product_reference": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.ia64",
        "relates_to_product_reference": "5Server-VT-5.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.x86_64 as a component of RHEL Virtualization (v. 5 server)",
          "product_id": "5Server-VT-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.x86_64"
        },
        "product_reference": "hypervkvpd-debuginfo-0:0-0.7.el5_9.3.x86_64",
        "relates_to_product_reference": "5Server-VT-5.9.Z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Florian Weimer"
          ],
          "organization": "Red Hat Product Security Team",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2012-5532",
      "discovery_date": "2012-11-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "877572"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hypervkvpd: Netlink source address validation allows denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.i686",
          "5Server-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.ia64",
          "5Server-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.src",
          "5Server-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.x86_64",
          "5Server-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.i686",
          "5Server-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.ia64",
          "5Server-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.x86_64",
          "5Server-VT-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.i686",
          "5Server-VT-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.ia64",
          "5Server-VT-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.src",
          "5Server-VT-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.x86_64",
          "5Server-VT-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.i686",
          "5Server-VT-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.ia64",
          "5Server-VT-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-5532"
        },
        {
          "category": "external",
          "summary": "RHBZ#877572",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877572"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5532",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-5532"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5532",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5532"
        }
      ],
      "release_date": "2012-06-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-05-09T18:10:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "5Server-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.i686",
            "5Server-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.ia64",
            "5Server-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.src",
            "5Server-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.x86_64",
            "5Server-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.i686",
            "5Server-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.ia64",
            "5Server-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.x86_64",
            "5Server-VT-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.i686",
            "5Server-VT-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.ia64",
            "5Server-VT-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.src",
            "5Server-VT-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.x86_64",
            "5Server-VT-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.i686",
            "5Server-VT-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.ia64",
            "5Server-VT-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:0807"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "5Server-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.i686",
            "5Server-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.ia64",
            "5Server-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.src",
            "5Server-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.x86_64",
            "5Server-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.i686",
            "5Server-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.ia64",
            "5Server-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.x86_64",
            "5Server-VT-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.i686",
            "5Server-VT-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.ia64",
            "5Server-VT-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.src",
            "5Server-VT-5.9.Z:hypervkvpd-0:0-0.7.el5_9.3.x86_64",
            "5Server-VT-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.i686",
            "5Server-VT-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.ia64",
            "5Server-VT-5.9.Z:hypervkvpd-debuginfo-0:0-0.7.el5_9.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hypervkvpd: Netlink source address validation allows denial of service"
    }
  ]
}

cve-2012-5532

Vulnerability from cvelistv5

Published

2012-12-27 11:00

Modified

2024-08-06 21:05

Severity ?

Summary

The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669.

References

▼	URL	Tags
	http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2	x_refsource_CONFIRM
	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95a69adab9acfc3981c504737a2b6578e4d846ef	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDVSA-2013:176	vendor-advisory, x_refsource_MANDRIVA
	https://bugzilla.novell.com/show_bug.cgi?id=761200	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2012/11/27/12	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=877572	x_refsource_CONFIRM
	http://www.kernel.org/pub/linux/kernel/v3.x/testing/	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/95a69adab9acfc3981c504737a2b6578e4d846ef	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2013-0807.html	vendor-advisory, x_refsource_REDHAT
	https://exchange.xforce.ibmcloud.com/vulnerabilities/80337	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/bid/56710	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:05:47.398Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95a69adab9acfc3981c504737a2b6578e4d846ef"
          },
          {
            "name": "MDVSA-2013:176",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=761200"
          },
          {
            "name": "[oss-security] 20121127 Re: CVE-2012-5532 hypervkvpd DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/11/27/12"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877572"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v3.x/testing/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/95a69adab9acfc3981c504737a2b6578e4d846ef"
          },
          {
            "name": "RHSA-2013:0807",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0807.html"
          },
          {
            "name": "kernel-hypervkvpd-dos(80337)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80337"
          },
          {
            "name": "56710",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/56710"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-11-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95a69adab9acfc3981c504737a2b6578e4d846ef"
        },
        {
          "name": "MDVSA-2013:176",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.novell.com/show_bug.cgi?id=761200"
        },
        {
          "name": "[oss-security] 20121127 Re: CVE-2012-5532 hypervkvpd DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/11/27/12"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877572"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v3.x/testing/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/95a69adab9acfc3981c504737a2b6578e4d846ef"
        },
        {
          "name": "RHSA-2013:0807",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0807.html"
        },
        {
          "name": "kernel-hypervkvpd-dos(80337)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80337"
        },
        {
          "name": "56710",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/56710"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-5532",
    "datePublished": "2012-12-27T11:00:00",
    "dateReserved": "2012-10-24T00:00:00",
    "dateUpdated": "2024-08-06T21:05:47.398Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted