CVE - CVE-2012-0217

CVE-ID
CVE-2012-0217	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CERT:TA12-164A URL:http://www.us-cert.gov/cas/techalerts/TA12-164A.html CERT-VN:VU#649219 URL:http://www.kb.cert.org/vuls/id/649219 CONFIRM:http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched/ CONFIRM:http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/ CONFIRM:http://smartos.org/2012/06/15/smartos-news-3/ CONFIRM:http://support.citrix.com/article/CTX133161 CONFIRM:http://wiki.smartos.org/display/DOC/SmartOS+Change+Log#SmartOSChangeLog-June14%2C2012 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=813428 CONFIRM:https://www.illumos.org/issues/2873 DEBIAN:DSA-2501 URL:http://www.debian.org/security/2012/dsa-2501 DEBIAN:DSA-2508 URL:http://www.debian.org/security/2012/dsa-2508 EXPLOIT-DB:28718 URL:https://www.exploit-db.com/exploits/28718/ EXPLOIT-DB:46508 URL:https://www.exploit-db.com/exploits/46508/ FREEBSD:FreeBSD-SA-12:04 URL:http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc GENTOO:GLSA-201309-24 URL:http://security.gentoo.org/glsa/glsa-201309-24.xml MANDRIVA:MDVSA-2013:150 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2013:150~~ (Obsolete source) MLIST:[xen-announce] 20120612 Xen Security Advisory 7 (CVE-2012-0217) - PV privilege escalation URL:http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html MLIST:[xen-devel] 20120619 Security vulnerability process, and CVE-2012-0217 URL:http://lists.xen.org/archives/html/xen-devel/2012-06/msg01072.html MS:MS12-042 URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-042 NETBSD:NetBSD-SA2012-003 URL:http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc OVAL:oval:org.mitre.oval:def:15596 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15596 SECUNIA:55082 URL:http://secunia.com/advisories/55082
Assigning CNA
Debian GNU/Linux
Date Record Created
20111214	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20111214)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)