Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.2
CVE Id: CVE-2012-2136
Last Modified: 01 Mar 2013 11:41:22
Published: 09 Aug 2012 06:29:46
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2012-2136

Summary

The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.

Vulnerable Systems

Operating System

  • Linux Kernel 3.4

  • Linux Kernel 3.4.1

  • Linux Kernel 3.4.2

  • Linux Kernel 3.4.3

  • Linux Kernel 3.4.4


References

CONFIRM - https://github.com/torvalds/linux/commit/cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=816289

CONFIRM - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc

BID - 53721

UBUNTU - USN-1535-1

REDHAT - RHSA-2012:1087

UBUNTU - USN-1529-1

REDHAT - RHSA-2012:0743

SECUNIA - 50807

Related Patches

Red Hat 2012:0690-01 RHSA Important: kernel security and bug fix update for RHEL 5 x86

Red Hat 2012:0690-01 RHSA Important: kernel security and bug fix update for RHEL 5 x86_64

Novell SUSE 2012:6457 kernel security update for SLE 11 SP2 i586

Novell SUSE 2012:6463 kernel security update for SLE 11 SP2 x86_64

Novell SUSE 2012:6547 kernel security update for SLE 11 SP1 i586

Novell SUSE 2012:6548 kernel security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8324 kernel security update for SLE 10 SP4 x86_64

Novell SUSE 2012:8325 kernel security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:55:04