CVE-2012-3412HIGH
Description
The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value.
References
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html
http://rhn.redhat.com/errata/RHSA-2012-1323.html
http://rhn.redhat.com/errata/RHSA-2012-1324.html
http://rhn.redhat.com/errata/RHSA-2012-1347.html
http://rhn.redhat.com/errata/RHSA-2012-1375.html
http://rhn.redhat.com/errata/RHSA-2012-1401.html
http://rhn.redhat.com/errata/RHSA-2012-1430.html
http://secunia.com/advisories/50633
http://secunia.com/advisories/50732
http://secunia.com/advisories/50811
http://secunia.com/advisories/51193
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30
http://www.openwall.com/lists/oss-security/2012/08/03/4
http://www.ubuntu.com/usn/USN-1567-1
http://www.ubuntu.com/usn/USN-1568-1
http://www.ubuntu.com/usn/USN-1572-1
http://www.ubuntu.com/usn/USN-1575-1
http://www.ubuntu.com/usn/USN-1577-1
http://www.ubuntu.com/usn/USN-1578-1
http://www.ubuntu.com/usn/USN-1579-1
http://www.ubuntu.com/usn/USN-1580-1
https://bugzilla.redhat.com/show_bug.cgi?id=844714
https://github.com/torvalds/linux/commit/68cb695ccecf949d48949e72f8ce591fdaaa325c
https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html
Vulnerable Software
Configuration 1
OR
cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 3.2.29 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 125250 | SUSE SLES11 Security Update : kernel (SUSE-SU-2019:14051-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | high |
| 83611 | SUSE SLES11 Security Update : kernel (SUSE-SU-2014:0287-1) | Nessus | SuSE Local Security Checks | high |
| 78938 | RHEL 6 : rhev-hypervisor6 (RHSA-2012:1375) | Nessus | Red Hat Local Security Checks | high |
| 78934 | RHEL 5 : rhev-hypervisor5 (RHSA-2012:1324) | Nessus | Red Hat Local Security Checks | high |
| 74914 | openSUSE Security Update : kernel (openSUSE-SU-2013:0396-1) | Nessus | SuSE Local Security Checks | high |
| 74778 | openSUSE Security Update : kernel (openSUSE-SU-2012:1330-1) | Nessus | SuSE Local Security Checks | high |
| 68847 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2507) | Nessus | Oracle Linux Local Security Checks | high |
| 68686 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2041) | Nessus | Oracle Linux Local Security Checks | high |
| 68685 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2040) | Nessus | Oracle Linux Local Security Checks | high |
| 68684 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2039) | Nessus | Oracle Linux Local Security Checks | high |
| 68683 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2038) | Nessus | Oracle Linux Local Security Checks | high |
| 68643 | Oracle Linux 6 : kernel (ELSA-2012-1366) | Nessus | Oracle Linux Local Security Checks | high |
| 68632 | Oracle Linux 5 : kernel (ELSA-2012-1323) | Nessus | Oracle Linux Local Security Checks | high |
| 68631 | Oracle Linux 5 : kernel (ELSA-2012-1323-1) | Nessus | Oracle Linux Local Security Checks | high |
| 64180 | SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 7123 / 7127) | Nessus | SuSE Local Security Checks | high |
| 64061 | RHEL 6 : kernel (RHSA-2012:1430) | Nessus | Red Hat Local Security Checks | high |
| 64059 | RHEL 6 : kernel (RHSA-2012:1401) | Nessus | Red Hat Local Security Checks | high |
| 64057 | RHEL 5 : kernel (RHSA-2012:1347) | Nessus | Red Hat Local Security Checks | high |
| 62616 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20121016) | Nessus | Scientific Linux Local Security Checks | high |
| 62596 | CentOS 6 : kernel (CESA-2012:1366) | Nessus | CentOS Local Security Checks | high |
| 62572 | RHEL 6 : kernel (RHSA-2012:1366) | Nessus | Red Hat Local Security Checks | high |
| 62431 | CentOS 5 : kernel (CESA-2012:1323) | Nessus | CentOS Local Security Checks | high |
| 62428 | Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20121002) | Nessus | Scientific Linux Local Security Checks | high |
| 62405 | RHEL 5 : kernel (RHSA-2012:1323) | Nessus | Red Hat Local Security Checks | high |
| 62241 | USN-1580-1 : linux-ti-omap4 vulnerabilities | Nessus | Ubuntu Local Security Checks | high |
| 62240 | Ubuntu 12.04 LTS : linux vulnerabilities (USN-1579-1) | Nessus | Ubuntu Local Security Checks | high |
| 62239 | USN-1578-1 : linux-ti-omap4 vulnerabilities | Nessus | Ubuntu Local Security Checks | high |
| 62238 | USN-1577-1 : linux-ti-omap4 vulnerabilities | Nessus | Ubuntu Local Security Checks | high |
| 62212 | Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1575-1) | Nessus | Ubuntu Local Security Checks | high |
| 62211 | Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1574-1) | Nessus | Ubuntu Local Security Checks | high |
| 62200 | Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1573-1) | Nessus | Ubuntu Local Security Checks | high |
| 62199 | Ubuntu 10.04 LTS : linux vulnerabilities (USN-1572-1) | Nessus | Ubuntu Local Security Checks | high |
| 62112 | Ubuntu 11.10 : linux vulnerabilities (USN-1568-1) | Nessus | Ubuntu Local Security Checks | high |
| 62111 | Ubuntu 11.04 : linux vulnerabilities (USN-1567-1) | Nessus | Ubuntu Local Security Checks | high |
| 801527 | CentOS RHSA-2012-1323 Security Check | Log Correlation Engine | Generic | high |