CVE-2012-0217

Name of the Vulnerable Software and Affected Versions Xen versions 4.1.2 and earlier Citrix XenServer versions 6.0.2 and earlier Oracle Solaris versions 11 and earlier illumos versions prior to r13724 Joyent SmartOS versions prior to 20120614T184600Z FreeBSD versions prior to 9.0-RELEASE-p3 NetBSD versions 6.0 Beta and earlier Microsoft Windows Server versions 2008 R2 and R2 SP1 Microsoft Windows 7 versions Gold and SP1

Description The issue allows local users to gain privileges via a crafted application due to incorrect use of the Intel specification by the x86-64 kernel system-call functionality when running on an Intel processor. This can lead to an elevation of privilege vulnerability, enabling an attacker to run arbitrary code in kernel mode, install programs, view, change, or delete data, or create new accounts with full administrative rights.

Recommendations For Xen versions 4.1.2 and earlier, consider upgrading to a newer version to resolve the issue. For Citrix XenServer versions 6.0.2 and earlier, consider upgrading to a newer version to resolve the issue. For Oracle Solaris versions 11 and earlier, consider upgrading to a newer version to resolve the issue. For illumos versions prior to r13724, consider upgrading to version r13724 or later to resolve the issue. For Joyent SmartOS versions prior to 20120614T184600Z, consider upgrading to version 20120614T184600Z or later to resolve the issue. For FreeBSD versions prior to 9.0-RELEASE-p3, consider upgrading to version 9.0-RELEASE-p3 or later to resolve the issue. For NetBSD versions 6.0 Beta and earlier, consider upgrading to a newer version to resolve the issue. For Microsoft Windows Server versions 2008 R2 and R2 SP1, and Microsoft Windows 7 versions Gold and SP1, apply the recommended patch or upgrade to a newer version to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability for some of the affected products.