Vulnerability CVE-2012-0875

Vulnerability Name:

CVE-2012-0875 (CCN-73408)

Assigned:

2012-02-20

Published:

2012-02-20

Updated:

2023-02-13

Summary:

SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic and crash) via vectors related to crafted DWARF data, which triggers a read of an invalid pointer.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:C)
3.8 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:C/E:U/RL:OF/RC:UR)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): Complete

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.5 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:UR)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.2 Medium (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:N/A:C)
3.7 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:N/A:C/E:U/RL:OF/RC:UR)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): Complete

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2012-0875

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: SystemTap GIT Repository
PR13714 - Make sure REG_STATE.cfa_is_expr is always set correctly.

Source: CCN
Type: SystemTap Web page
SystemTap

Source: CCN
Type: BID-52121
SystemTap DWARF Expression Local Denial of Service Vulnerability

Source: CCN
Type: Red Hat Bugzilla Bug 795913
CVE-2012-0875 systemtap: kernel panic when processing malformed DWARF unwind data

Source: XF
Type: UNKNOWN
systemtap-dwarf-dos(73408)

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:systemtap:systemtap:1.4:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20120875	V	CVE-2012-0875	2022-05-20
oval:org.opensuse.security:def:26221	P	Security update for python-numpy (Moderate) (in QA)	2022-01-17
oval:org.opensuse.security:def:32225	P	Security update for postgresql10 (Important)	2021-11-22
oval:org.opensuse.security:def:32223	P	Security update for postgresql, postgresql13, postgresql14 (Important)	2021-11-20
oval:org.opensuse.security:def:26168	P	Security update for the Linux Kernel (Important)	2021-11-19
oval:org.opensuse.security:def:29441	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:33989	P	Security update for postgresql10 (Important)	2021-10-20
oval:org.opensuse.security:def:26139	P	Security update for libvirt (Moderate)	2021-10-04
oval:org.opensuse.security:def:33005	P	Security update for gtk-vnc (Moderate)	2021-09-16
oval:org.opensuse.security:def:32174	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:32966	P	Security update for curl (Moderate)	2021-07-21
oval:org.opensuse.security:def:33945	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:32118	P	Security update for freeradius-server (Moderate)	2021-06-11
oval:org.opensuse.security:def:42712	P	systemtap-1.5-0.9.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:33921	P	Security update for the Linux Kernel (Important)	2021-06-08
oval:org.opensuse.security:def:36305	P	systemtap-1.5-0.9.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26058	P	Security update for postgresql10 (Moderate)	2021-05-27
oval:org.opensuse.security:def:29355	P	Security update for java-1_7_0-openjdk (Moderate)	2021-04-29
oval:org.opensuse.security:def:32081	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:34667	P	Security update for zabbix (Moderate)	2021-03-30
oval:org.opensuse.security:def:32284	P	Security update for openssl (Moderate)	2021-03-24
oval:org.opensuse.security:def:33776	P	Security update for grub2 (Important)	2021-03-02
oval:org.opensuse.security:def:26196	P	Security update for ImageMagick (Moderate)	2021-02-19
oval:org.opensuse.security:def:32262	P	Security update for java-1_8_0-openjdk (Moderate)	2021-02-19
oval:org.opensuse.security:def:34627	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:31726	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:32138	P	Security update for openssh (Moderate)	2021-01-05
oval:org.opensuse.security:def:33882	P	Security update for openssh (Moderate)	2020-12-16
oval:org.opensuse.security:def:33619	P	Security update for mutt (Important)	2020-12-07
oval:org.opensuse.security:def:42449	P	systemtap-1.5-0.9.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:36042	P	systemtap-1.5-0.9.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25603	P	Security update for java-1_8_0-openjdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:29583	P	Security update for apache2 (Important)	2020-12-01
oval:org.opensuse.security:def:32547	P	libapr-util1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33153	P	libgnomesu on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25876	P	Security update for libssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:29839	P	Security update for kdirstat	2020-12-01
oval:org.opensuse.security:def:33268	P	systemtap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33244	P	python-pam on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26484	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:31783	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:29940	P	Security update for libksba (Moderate)	2020-12-01
oval:org.opensuse.security:def:31509	P	Security update for python27 (Moderate)	2020-12-01
oval:org.opensuse.security:def:33531	P	Security update for Xerces-j2	2020-12-01
oval:org.opensuse.security:def:26586	P	libexiv2-4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29143	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:26309	P	Security update for haproxy (Important)	2020-12-01
oval:org.opensuse.security:def:33833	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:27303	P	systemtap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29224	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32381	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:27005	P	pam_krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25866	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31962	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:25592	P	Security update for grub2 (Important)	2020-12-01
oval:org.opensuse.security:def:29498	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32525	P	gstreamer-0_10-plugins-base on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25795	P	Security update for kernel-source (Important)	2020-12-01
oval:org.opensuse.security:def:29790	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:33229	P	perl-HTML-Parser on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33165	P	libneon27 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26431	P	Security update for tor (Moderate)	2020-12-01
oval:org.opensuse.security:def:32328	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:31772	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26017	P	Security update for gnome-shell (Low)	2020-12-01
oval:org.opensuse.security:def:29896	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31508	P	Security update for python27 (Important)	2020-12-01
oval:org.opensuse.security:def:33474	P	Security update for libesmtp	2020-12-01
oval:org.opensuse.security:def:26572	P	kdelibs4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31989	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26270	P	Security update for mariadb-100 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30615	P	Security update for systemtap	2020-12-01
oval:org.opensuse.security:def:31594	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:27268	P	popt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29155	P	Security update for libtcnative-1-0 (Important)	2020-12-01
oval:org.opensuse.security:def:26367	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:25855	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:31875	P	Security update for dbus-1 (Important)	2020-12-01
oval:org.opensuse.security:def:25591	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:32486	P	amavisd-new on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25667	P	Security update for u-boot (Important)	2020-12-01
oval:org.opensuse.security:def:29736	P	Security update for freeradius-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:32591	P	pam_mount on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33154	P	libgtop on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26280	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:31771	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:25933	P	Security update for gstreamer-0_10-plugins-good (Important)	2020-12-01
oval:org.opensuse.security:def:29878	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:33379	P	Security update for compat-openssl097g (Important)	2020-12-01
oval:org.opensuse.security:def:26533	P	cups on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31857	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:30578	P	Security update for nagios-nrpe, nagios-plugins-nrpe	2020-12-01
oval:org.opensuse.security:def:31520	P	Security update for rpcbind (Moderate)	2020-12-01
oval:org.opensuse.security:def:26630	P	perl-spamassassin on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29144	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:26323	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:25854	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31818	P	Security update for audiofile (Moderate)	2020-12-01
oval:org.opensuse.security:def:32437	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:27040	P	systemtap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25930	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.mitre.oval:def:26124	P	SUSE-SU-2013:0669-1 -- Security update for systemtap	2014-09-08
oval:org.mitre.oval:def:23814	P	ELSA-2012:0376: systemtap security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:21130	P	RHSA-2012:0376: systemtap security update (Moderate)	2014-02-24
oval:com.ubuntu.xenial:def:201208750000000	V	CVE-2012-0875 on Ubuntu 16.04 LTS (xenial) - low.	2014-02-04
oval:com.ubuntu.precise:def:20120875000	V	CVE-2012-0875 on Ubuntu 12.04 LTS (precise) - low.	2014-02-04
oval:com.ubuntu.trusty:def:20120875000	V	CVE-2012-0875 on Ubuntu 14.04 LTS (trusty) - low.	2014-02-04
oval:com.ubuntu.xenial:def:20120875000	V	CVE-2012-0875 on Ubuntu 16.04 LTS (xenial) - low.	2014-02-04
oval:com.redhat.rhsa:def:20120376	P	RHSA-2012:0376: systemtap security update (Moderate)	2012-03-08

BACK