CVE-2012-2319


Description

Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f24f892871acc47b40dd594c63606a17c714f77

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

http://rhn.redhat.com/errata/RHSA-2012-1323.html

http://rhn.redhat.com/errata/RHSA-2012-1347.html

http://secunia.com/advisories/50811

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5

http://www.openwall.com/lists/oss-security/2012/05/07/11

https://bugzilla.redhat.com/show_bug.cgi?id=819471

https://github.com/torvalds/linux/commit/6f24f892871acc47b40dd594c63606a17c714f77

Details

Source: MITRE

Published: 2012-05-17

Updated: 2015-05-12

Type: CWE-264

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 3.3.3 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 83723 | SUSE SLES10 Security Update : kernel (SUSE-SU-2015:0812-1) | Nessus | SuSE Local Security Checks | high |
| 68632 | Oracle Linux 5 : kernel (ELSA-2012-1323) | Nessus | Oracle Linux Local Security Checks | high |
| 68631 | Oracle Linux 5 : kernel (ELSA-2012-1323-1) | Nessus | Oracle Linux Local Security Checks | high |
| 64177 | SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 6547 / 6548 / 6550) | Nessus | SuSE Local Security Checks | high |
| 64174 | SuSE 11.2 Security Update : Linux Kernel (SAT Patch Numbers 6338 / 6345 / 6349) | Nessus | SuSE Local Security Checks | high |
| 64057 | RHEL 5 : kernel (RHSA-2012:1347) | Nessus | Red Hat Local Security Checks | high |
| 62431 | CentOS 5 : kernel (CESA-2012:1323) | Nessus | CentOS Local Security Checks | high |
| 62428 | Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20121002) | Nessus | Scientific Linux Local Security Checks | high |
| 62405 | RHEL 5 : kernel (RHSA-2012:1323) | Nessus | Red Hat Local Security Checks | high |
| 61508 | USN-1530-1 : linux-ti-omap4 vulnerabilities | Nessus | Ubuntu Local Security Checks | high |
| 59816 | Ubuntu 8.04 LTS : linux vulnerabilities (USN-1493-1) | Nessus | Ubuntu Local Security Checks | high |
| 59815 | Ubuntu 10.04 LTS : linux vulnerabilities (USN-1492-1) | Nessus | Ubuntu Local Security Checks | high |
| 59814 | Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1491-1) | Nessus | Ubuntu Local Security Checks | high |
| 59813 | Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1490-1) | Nessus | Ubuntu Local Security Checks | high |
| 59811 | Ubuntu 11.04 : linux vulnerabilities (USN-1488-1) | Nessus | Ubuntu Local Security Checks | high |
| 59553 | USN-1476-1 : linux-ti-omap4 vulnerabilities | Nessus | Ubuntu Local Security Checks | high |
| 59522 | SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 8162) | Nessus | SuSE Local Security Checks | high |
| 59521 | SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 8161) | Nessus | SuSE Local Security Checks | high |
| 59496 | USN-1474-1 : linux-ti-omap4 vulnerabilities | Nessus | Ubuntu Local Security Checks | high |
| 59495 | Ubuntu 12.04 LTS : linux vulnerabilities (USN-1473-1) | Nessus | Ubuntu Local Security Checks | high |
| 59476 | Ubuntu 11.10 : linux vulnerabilities (USN-1472-1) | Nessus | Ubuntu Local Security Checks | high |
| 59475 | Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1471-1) | Nessus | Ubuntu Local Security Checks | high |
| 801527 | CentOS RHSA-2012-1323 Security Check | Log Correlation Engine | Generic | high |