CVE-2012-2372

MEDIUM

Description

The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping.

References

http://marc.info/?l=bugtraq&m=139447903326211&w=2

http://rhn.redhat.com/errata/RHSA-2012-0743.html

http://rhn.redhat.com/errata/RHSA-2012-1540.html

http://ubuntu.com/usn/usn-1529-1

http://www.securityfocus.com/bid/54062

http://www.ubuntu.com/usn/USN-1555-1

http://www.ubuntu.com/usn/USN-1556-1

https://bugzilla.redhat.com/show_bug.cgi?id=822754

https://oss.oracle.com/git/?p=redpatch.git;a=commit;h=c7b6a0a1d8d636852be130fa15fa8be10d4704e8

https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html

Details

Source: MITRE

Published: 2013-01-22

Updated: 2016-08-23

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 4.4

Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:C)

Impact Score: 6.9

Exploitability Score: 2.7

Severity: MEDIUM

Tenable Plugins

View all (29 total)

ID	Name	Product	Family	Severity
89670	VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0015) (remote check)	Nessus	Misc.	medium
83611	SUSE SLES11 Security Update : kernel (SUSE-SU-2014:0287-1)	Nessus	SuSE Local Security Checks	high
83581	SUSE SLES10 Security Update : OFED (SUSE-SU-2013:0713-1)	Nessus	SuSE Local Security Checks	medium
76557	SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9488 / 9491 / 9493)	Nessus	SuSE Local Security Checks	critical
71245	VMSA-2013-0015 : VMware ESX updates to third-party libraries	Nessus	VMware ESX Local Security Checks	medium
69590	Amazon Linux AMI : kernel (ALAS-2012-100)	Nessus	Amazon Linux Local Security Checks	medium
68663	Oracle Linux 5 : kernel (ELSA-2012-1540)	Nessus	Oracle Linux Local Security Checks	medium
68662	Oracle Linux 5 : kernel (ELSA-2012-1540-1)	Nessus	Oracle Linux Local Security Checks	medium
68544	Oracle Linux 6 : kernel (ELSA-2012-0743)	Nessus	Oracle Linux Local Security Checks	high
66230	SuSE 10 Security Update : OFED (ZYPP Patch Number 8507)	Nessus	SuSE Local Security Checks	medium
64180	SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 7123 / 7127)	Nessus	SuSE Local Security Checks	high
63183	Scientific Linux Security Update : kernel on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
63171	CentOS 5 : kernel (CESA-2012:1540)	Nessus	CentOS Local Security Checks	medium
63152	RHEL 5 : kernel (RHSA-2012:1540)	Nessus	Red Hat Local Security Checks	medium
62041	Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerability (USN-1563-1)	Nessus	Ubuntu Local Security Checks	medium
62007	USN-1558-1 : linux-ti-omap4 vulnerability	Nessus	Ubuntu Local Security Checks	medium
62005	Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1556-1)	Nessus	Ubuntu Local Security Checks	high
61788	Ubuntu 10.04 LTS : linux vulnerabilities (USN-1555-1)	Nessus	Ubuntu Local Security Checks	high
61787	Ubuntu 11.10 : linux vulnerability (USN-1554-1)	Nessus	Ubuntu Local Security Checks	medium
61548	Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1538-1)	Nessus	Ubuntu Local Security Checks	high
61509	Ubuntu 11.04 : linux vulnerabilities (USN-1531-1)	Nessus	Ubuntu Local Security Checks	high
61508	USN-1530-1 : linux-ti-omap4 vulnerabilities	Nessus	Ubuntu Local Security Checks	high
61507	Ubuntu 12.04 LTS : linux vulnerabilities (USN-1529-1)	Nessus	Ubuntu Local Security Checks	high
61506	USN-1514-1 : linux-ti-omap4 vulnerabilities	Nessus	Ubuntu Local Security Checks	high
61331	Scientific Linux Security Update : kernel on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
59609	CentOS 6 : kernel (CESA-2012:0743)	Nessus	CentOS Local Security Checks	high
59562	RHEL 6 : kernel (RHSA-2012:0743)	Nessus	Red Hat Local Security Checks	high
801531	CentOS RHSA-2012-1540 Security Check	Log Correlation Engine	Generic	high
801519	CentOS RHSA-2012-0743 Security Check	Log Correlation Engine	Generic	high