Lucene search

[email protected]NVD:CVE-2012-3515

HistoryNov 23, 2012 - 8:55 p.m.

CVE-2012-3515

2012-11-2320:55:03

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

29.8%

JSON

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a “device model’s address space.”

Affected configurations

Nvd

Node

qemuqemuRange<1.2.0

xenxenMatch4.0.0

xenxenMatch4.1.0

Node

opensuseopensuseMatch11.4

opensuseopensuseMatch12.1

opensuseopensuseMatch12.2

suselinux_enterprise_desktopMatch10sp4

suselinux_enterprise_desktopMatch11sp2

suselinux_enterprise_serverMatch10sp2

suselinux_enterprise_serverMatch10sp3ltss

suselinux_enterprise_serverMatch10sp4

suselinux_enterprise_serverMatch11sp1ltss

suselinux_enterprise_serverMatch11sp2-

suselinux_enterprise_serverMatch11sp2vmware

suselinux_enterprise_software_development_kitMatch10sp4

suselinux_enterprise_software_development_kitMatch11sp2

Node

redhatvirtualizationMatch3.0

AND

redhatenterprise_linuxMatch6.0

Node

redhatvirtualizationMatch5.0

redhatvirtualizationMatch6.0

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.3

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

Node

debiandebian_linuxMatch6.0

debiandebian_linuxMatch7.0

Node

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch11.04

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04esm

VendorProductVersionCPE
qemuqemu*cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
xenxen4.0.0cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
xenxen4.1.0cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
opensuseopensuse11.4cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
opensuseopensuse12.1cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
opensuseopensuse12.2cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
suselinux_enterprise_desktop10cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
suselinux_enterprise_desktop11cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
suselinux_enterprise_server10cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*
suselinux_enterprise_server10cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*

Vendor	Product	Version	CPE
qemu	qemu	*	cpe:2.3:a:qemu:qemu::::::::
xen	xen	4.0.0	cpe:2.3:o:xen:xen:4.0.0:::::::*
xen	xen	4.1.0	cpe:2.3:o:xen:xen:4.1.0:::::::*
opensuse	opensuse	11.4	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
opensuse	opensuse	12.1	cpe:2.3:o:opensuse:opensuse:12.1:::::::*
opensuse	opensuse	12.2	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
suse	linux_enterprise_desktop	10	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4::::::
suse	linux_enterprise_desktop	11	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2::::::
suse	linux_enterprise_server	10	cpe:2.3:o:suse:linux_enterprise_server:10:sp2::::::
suse	linux_enterprise_server	10	cpe:2.3:o:suse:linux_enterprise_server:10:sp3:::ltss:::*

Rows per page:

1-10 of 331

References

git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log

lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html

lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html

lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html

lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html

lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html

lists.opensuse.org/opensuse-security-announce/2012-09/msg00016.html

lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html

lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html

lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html

lists.opensuse.org/opensuse-security-announce/2012-09/msg00026.html

lists.opensuse.org/opensuse-security-announce/2012-09/msg00027.html

lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html

lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html

lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html

lists.opensuse.org/opensuse-updates/2012-09/msg00051.html

lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html

rhn.redhat.com/errata/RHSA-2012-1233.html

rhn.redhat.com/errata/RHSA-2012-1234.html

rhn.redhat.com/errata/RHSA-2012-1235.html

rhn.redhat.com/errata/RHSA-2012-1236.html

rhn.redhat.com/errata/RHSA-2012-1262.html

rhn.redhat.com/errata/RHSA-2012-1325.html

secunia.com/advisories/50472

secunia.com/advisories/50528

secunia.com/advisories/50530

secunia.com/advisories/50632

secunia.com/advisories/50689

secunia.com/advisories/50860

secunia.com/advisories/50913

secunia.com/advisories/51413

secunia.com/advisories/55082

security.gentoo.org/glsa/glsa-201309-24.xml

support.citrix.com/article/CTX134708

wiki.xen.org/wiki/Security_Announcements#XSA-17_Qemu_VT100_emulation_vulnerability

www.debian.org/security/2012/dsa-2543

www.debian.org/security/2012/dsa-2545

www.openwall.com/lists/oss-security/2012/09/05/10

www.securityfocus.com/bid/55413

www.ubuntu.com/usn/USN-1590-1

security.gentoo.org/glsa/201604-03

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

29.8%

JSON

Related for NVD:CVE-2012-3515

suse15 centos3 nessus40 openvas88 f52 veracode1 prion1 securityvulns2 oraclelinux3 ubuntu1 ubuntucve1 redhat6 debiancve1 cvelist1 cve1 debian3 osv4 fedora25 gentoo1