National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2012-0217 Detail

Current Description

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.

Source:  MITRE
Description Last Modified:  06/12/2012
View Analysis Description

Impact

CVSS v2.0 Severity and Metrics:

Base Score: 7.2 HIGH
Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C) (V2 legend)
Impact Subscore: 10.0
Exploitability Subscore: 3.9


Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Additional Information:
Allows unauthorized disclosure of information
Allows unauthorized modification
Allows disruption of service

Evaluator Impact

Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-042 'This vulnerability only affects Intel x64-based versions of Windows 7 and Windows Server 2008 R2. Systems with AMD or ARM-based CPUs are not affected by this vulnerability.'

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched/
http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html
http://lists.xen.org/archives/html/xen-devel/2012-06/msg01072.html
http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://smartos.org/2012/06/15/smartos-news-3/
http://support.citrix.com/article/CTX133161
http://technet.microsoft.com/security/bulletin/MS12-042 Patch Vendor Advisory
http://wiki.smartos.org/display/DOC/SmartOS+Change+Log#SmartOSChangeLog-June14%2C2012
http://www.debian.org/security/2012/dsa-2501
http://www.debian.org/security/2012/dsa-2508
http://www.kb.cert.org/vuls/id/649219 US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
http://www.us-cert.gov/cas/techalerts/TA12-164A.html US Government Resource
https://bugzilla.redhat.com/show_bug.cgi?id=813428
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15596
https://www.exploit-db.com/exploits/28718/
https://www.illumos.org/issues/2873

Technical Details

Vulnerability Type (View All)

Change History

3 change records found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2012-0217
NVD Published Date:
06/12/2012
NVD Last Modified:
10/04/2017