
SANS ISC: CVE-2012-0217 (from MS12-042) applies to other environments too - SANS Internet Storm Center



A week ago we covered MS12-042 ("Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)") as part of the monthly Microsoft patch update cycle. This Microsoft advisory includes two vulnerabilities: CVE-2012-0217 and CVE-2012-1515 (VMware related).

Unfortunately, the official CVE-2012-0217 entry only references the Microsoft Windows OS, but other environments are also affected by this local privilege escalation vulnerability associated with 64-bit Intel processors. From the US-CERT note: "Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape." In particular, it affects FreeBSD and Xen (RedHat, SUSE, etc.).

More details at "Vulnerability Note VU#649219: SYSRET 64-bit operating system privilege escalation vulnerability on Intel CPU hardware".

----
Raul Siles
Founder and Senior Security Analyst with Taddong
www.taddong.com

Raul Siles

152 Posts
And NetBSD. In the kernel itself, and in the packaged Xen kernels if used in PV mode.

I don't notice anything new committed in OpenBSD relating to this, so I wonder if it was somehow immune, or just not patched yet.
Steven C.

171 Posts
Quick searching on the web, I found the following posts to the misc@openbsd mailing list.

http://old.nabble.com/CVE-2012-0217%3A-SYSRET-64-bit-operating-system-privilege-escalation-vulnerability-on-Intel-CPU-hardware-td34003925.html

Is there anyone checking the OpenBSD kernel source code?
I think the relevant part is around machdep.c.

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/arch/amd64/amd64/machdep.c
Steven C.
1 Posts
@yozo, thanks, somehow I missed that when I was searching.

So this was fixed in OpenBSD CVS uhhh almost a year ago :)
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/arch/amd64/amd64/machdep.c#rev1.147
Steven C.

171 Posts
