Rafal Wojtczuk from Bromium discovered that FreeBSD wasn’t handling correctly
uncanonical return addresses on Intel amd64 CPUs, allowing privilege escalation
to kernel for local users.

For the stable distribution (squeeze), this problem has been fixed in
version 8.1+dfsg-8+squeeze3.

For the testing distribution (wheezy), this problem has been fixed in
version 8.3-4.

For the unstable distribution (sid), this problem has been fixed in
version 8.3-4.

We recommend that you upgrade your kfreebsd-8 packages.

CPENameOperatorVersion
kfreebsd-8eq8.1+dfsg-7.1
kfreebsd-8eq8.1+dfsg-8+squeeze2
kfreebsd-8eq8.1+dfsg-8+squeeze1
kfreebsd-8eq8.1+dfsg-8

Name	Operator	Version
kfreebsd-8	eq	8.1+dfsg-7.1
kfreebsd-8	eq	8.1+dfsg-8+squeeze2
kfreebsd-8	eq	8.1+dfsg-8+squeeze1
kfreebsd-8	eq	8.1+dfsg-8

References

www.debian.org/security/2012/dsa-2508

canvas 2

openvas 74

debian 2

nessus 23

securityvulns 4

zdt 1

packetstorm 1

debiancve 2

cve 2

freebsd 1

freebsd_advisory 1

threatpost 2

prion 2

thn 1

ubuntucve 2

cisa 1

metasploit 1

exploitdb 1

redhat 2

oraclelinux 4

mskb 1

centos 1

suse 2

cert 1

osv 1

fedora 27

gentoo 1

oracle 1

canvas

Immunity Canvas: MS12_042

2012-06-12 18:55:01

Immunity Canvas: SYSRET

2012-06-12 22:55:00

openvas

FreeBSD Ports: FreeBSD

2012-08-10 00:00:00

FreeBSD Ports: FreeBSD

2012-08-10 00:00:00

Debian Security Advisory DSA 2508-1 (kfreebsd-8)

2012-08-10 00:00:00

debian

[SECURITY] [DSA 2508-1] kfreebsd-8 security update

2012-07-22 12:21:26

[SECURITY] [DSA 2501-1] xen security update

2012-06-24 15:22:35

nessus

Debian DSA-2508-1 : kfreebsd-8 - privilege escalation

2012-07-23 00:00:00

FreeBSD : FreeBSD -- Privilege escalation when returning from kernel (aed44c4e-c067-11e1-b5e0-000c299b62e1)

2012-06-28 00:00:00

Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20120612)

2012-08-01 00:00:00

securityvulns

FreeBSD Security Advisory FreeBSD-SA-12:04.sysret [REVISED]

2012-06-25 00:00:00

CVE-2012-0217

2012-06-13 00:00:00

FreeBSD kernel privilege escalation

2012-06-25 00:00:00

zdt

FreeBSD - Intel SYSRET Privilege Escalation Exploit

2019-03-07 00:00:00

packetstorm

FreeBSD Intel SYSRET Privilege Escalation

2019-03-07 00:00:00

debiancve

CVE-2012-0217

2012-06-12 22:55:00

CVE-2012-2934

2012-12-03 21:55:00

cve

CVE-2012-0217

2012-06-12 22:55:00

CVE-2012-2934

2012-12-03 21:55:00

freebsd

FreeBSD -- Privilege escalation when returning from kernel

2012-06-12 00:00:00

freebsd_advisory

FreeBSD-SA-12:04.sysret

2012-06-12 00:00:00

threatpost

Virtual Machine Escape Exploit Targets Xen

2012-09-06 11:52:32

Security Risks Abound in Virtualized Environments

2010-03-16 13:49:58

prion

Code injection

2012-06-12 22:55:00

Code injection

2012-12-03 21:55:00

thn

CVE-2012-0217 - Intel SYSRET FreeBSD Privilege Escalation Exploit Released

2012-07-24 20:06:00

ubuntucve

CVE-2012-0217

2012-06-12 00:00:00

CVE-2012-2934

2012-12-03 00:00:00

cisa

Microsoft Releases June Security Bulletin

2012-06-07 00:00:00

metasploit

FreeBSD Intel SYSRET Privilege Escalation

2018-12-09 16:04:38

exploitdb

FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)

2019-03-07 00:00:00

redhat

(RHSA-2012:0721) Important: kernel security update

2012-06-12 00:00:00

(RHSA-2012:0720) Important: kernel security and bug fix update

2012-06-12 00:00:00

oraclelinux

kernel security update

2012-06-12 00:00:00

2012-07-10 00:00:00

mskb

MS12-042: Vulnerabilities in Windows Kernel could allow elevation of privilege: June 12, 2012

2012-06-12 00:00:00

centos

kernel security update

2012-06-13 00:11:19

suse

xen (critical)

2012-07-18 15:08:32

Security update for Xen (critical)

2012-06-12 23:08:27

cert

SYSRET 64-bit operating system privilege escalation vulnerability on Intel CPU hardware

2012-06-12 00:00:00

osv

xen - several

2012-06-24 00:00:00

fedora

[SECURITY] Fedora 17 Update: xen-4.1.2-20.fc17

2012-06-26 00:52:23

[SECURITY] Fedora 16 Update: xen-4.1.2-8.fc16

2012-06-26 00:42:08

[SECURITY] Fedora 17 Update: xen-4.1.2-24.fc17

2012-08-05 21:26:27

gentoo

Xen: Multiple vulnerabilities

2013-09-27 00:00:00

oracle

Oracle Critical Patch Update - October 2012

2012-10-16 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for OSV:DSA-2508-1