CVE-2012-0217 – FreeBSD - Intel SYSRET Privilege Escalation
https://notcve.org/view.php?id=CVE-2012-0217
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier. El modo de usuario Scheduler en el núcleo en Microsoft Windows Server v2008 R2 y R2 SP1 y Windows v7 Gold y SP1 sobre la plataforma x64 no maneja adecuadamente solicitudes del sistema, lo que permite a usuarios locales obtener privilegios a través de una aplicación modificada, también conocida como "vulnerabilidad de corrupción de memoria de modo de usuario Scheduler". It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. • https://www.exploit-db.com/exploits/46508 https://www.exploit-db.com/exploits/28718 https://www.exploit-db.com/exploits/20861 http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html http://lists.xen.org/archives/html/xen-devel/2012-06 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-1694
https://notcve.org/view.php?id=CVE-2012-1694
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality and integrity, related to libsasl. Vulnerabilidad no especificada en Oracle Sun Solaris v10 que permite a atacantes remotos afectar la confidencialidad y la integridad, relacionada con libsasl. • http://secunia.com/advisories/48809 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html http://www.securitytracker.com/id?1026940 •
CVE-2012-1681
https://notcve.org/view.php?id=CVE-2012-1681
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel/sockfs. Vulnerabilidad no especificada en Oracle Sun Solaris v8, v9, v10 y v11 permite a usuarios locales afectar la disponibilidad a través de vectores desconocidos relacionados con el kernel/sockfs. • http://secunia.com/advisories/48809 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html http://www.securitytracker.com/id?1026940 •
CVE-2012-1684
https://notcve.org/view.php?id=CVE-2012-1684
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Password Policy. Vulnerabilidad sin especificar en Oracle Sun Solaris 8, 9, 10 y 11 permite a usuarios locales afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la política de contraseñas. • http://secunia.com/advisories/48809 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html http://www.securitytracker.com/id?1026940 •
CVE-2012-1692
https://notcve.org/view.php?id=CVE-2012-1692
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability, related to SCTP. Vulnerabilidad sin especificar en Oracle Sun Solaris 10 permite a usuarios locales afectar la disponibilidad, relacionado con SCTP. • http://secunia.com/advisories/48809 http://secunia.com/advisories/51388 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html http://www.securityfocus.com/bid/53125 http://www.securitytracker.com/id?1026940 https://downloads.avaya.com/css/P8/documents/100161091 •