CVE-2012-2372

MEDIUM

Description

The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping.

References

http://marc.info/?l=bugtraq&m=139447903326211&w=2

http://rhn.redhat.com/errata/RHSA-2012-0743.html

http://rhn.redhat.com/errata/RHSA-2012-1540.html

http://ubuntu.com/usn/usn-1529-1

http://www.securityfocus.com/bid/54062

http://www.ubuntu.com/usn/USN-1555-1

http://www.ubuntu.com/usn/USN-1556-1

https://bugzilla.redhat.com/show_bug.cgi?id=822754

https://oss.oracle.com/git/?p=redpatch.git;a=commit;h=c7b6a0a1d8d636852be130fa15fa8be10d4704e8

https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html

Details

Source: MITRE

Published: 2013-01-22

Updated: 2016-08-23

Risk Information

CVSS v2.0

Base Score: 4.4

Vector: AV:L/AC:M/Au:S/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 2.7

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 3.7.4 (inclusive)

Tenable Plugins

View all (28 total)

IDNameProductFamilySeverity
131805EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2531)NessusHuawei Local Security Checks
high
89670VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0015) (remote check)NessusMisc.
medium
83611SUSE SLES11 Security Update : kernel (SUSE-SU-2014:0287-1)NessusSuSE Local Security Checks
high
83581SUSE SLES10 Security Update : OFED (SUSE-SU-2013:0713-1)NessusSuSE Local Security Checks
medium
76557SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9488 / 9491 / 9493)NessusSuSE Local Security Checks
critical
71245VMSA-2013-0015 : VMware ESX updates to third-party librariesNessusVMware ESX Local Security Checks
high
69590Amazon Linux AMI : kernel (ALAS-2012-100)NessusAmazon Linux Local Security Checks
medium
68663Oracle Linux 5 : kernel (ELSA-2012-1540)NessusOracle Linux Local Security Checks
high
68662Oracle Linux 5 : kernel (ELSA-2012-1540-1)NessusOracle Linux Local Security Checks
medium
68544Oracle Linux 6 : kernel (ELSA-2012-0743)NessusOracle Linux Local Security Checks
high
66230SuSE 10 Security Update : OFED (ZYPP Patch Number 8507)NessusSuSE Local Security Checks
medium
64180SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 7123 / 7127)NessusSuSE Local Security Checks
high
63183Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20121204)NessusScientific Linux Local Security Checks
medium
63171CentOS 5 : kernel (CESA-2012:1540)NessusCentOS Local Security Checks
high
63152RHEL 5 : kernel (RHSA-2012:1540)NessusRed Hat Local Security Checks
medium
62041Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerability (USN-1563-1)NessusUbuntu Local Security Checks
medium
62007USN-1558-1 : linux-ti-omap4 vulnerabilityNessusUbuntu Local Security Checks
medium
62005Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1556-1)NessusUbuntu Local Security Checks
high
61788Ubuntu 10.04 LTS : linux vulnerabilities (USN-1555-1)NessusUbuntu Local Security Checks
high
61787Ubuntu 11.10 : linux vulnerability (USN-1554-1)NessusUbuntu Local Security Checks
medium
61548Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1538-1)NessusUbuntu Local Security Checks
high
61509Ubuntu 11.04 : linux vulnerabilities (USN-1531-1)NessusUbuntu Local Security Checks
high
61508USN-1530-1 : linux-ti-omap4 vulnerabilitiesNessusUbuntu Local Security Checks
high
61507Ubuntu 12.04 LTS : linux vulnerabilities (USN-1529-1)NessusUbuntu Local Security Checks
high
61506USN-1514-1 : linux-ti-omap4 vulnerabilitiesNessusUbuntu Local Security Checks
high
61331Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120618)NessusScientific Linux Local Security Checks
high
59609CentOS 6 : kernel (CESA-2012:0743)NessusCentOS Local Security Checks
high
59562RHEL 6 : kernel (RHSA-2012:0743)NessusRed Hat Local Security Checks
high