Rapid7 Vulnerability & Exploit Database

ELSA-2012-2007 Moderate: Oracle Linux Unbreakable Enterprise kernel security and bug fix update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

ELSA-2012-2007 Moderate: Oracle Linux Unbreakable Enterprise kernel security and bug fix update

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

05/17/2012

Created

07/25/2018

Added

05/17/2012

Modified

04/11/2019

Description

The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.

Solution(s)

oracle-linux-upgrade-kernel-uek
oracle-linux-upgrade-kernel-uek-debug
oracle-linux-upgrade-kernel-uek-debug-devel
oracle-linux-upgrade-kernel-uek-devel
oracle-linux-upgrade-kernel-uek-doc
oracle-linux-upgrade-kernel-uek-firmware
oracle-linux-upgrade-kernel-uek-headers
oracle-linux-upgrade-mlnx_en
oracle-linux-upgrade-ofa

References

https://attackerkb.com/topics/cve-2012-0879
CVE - 2012-0879
CVE - 2012-1090
CVE - 2012-1097
DSA-2469
RHSA-2012:0481
RHSA-2012:0531
http://oss.oracle.com/pipermail/el-errata/2012-April/002764.html
http://oss.oracle.com/pipermail/el-errata/2012-April/002766.html

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;