PT-2012-3077 · Linux+3 · Linux Kernel+3

Cai Qian

Publicado

2012-02-28

Atualizado

2021-07-15

CVE-2012-1090

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.2.10

Description The issue allows local users to cause a denial of service via attempted access to a special file, such as a FIFO. This occurs because the cifs code attempts to open files on lookup under certain circumstances, and if the opened file is a special file, the open filehandle is leaked, leading to a dentry refcount mismatch and an OOPS on umount.

Recommendations For Linux kernel versions prior to 3.2.10, update to version 3.2.10 or later to resolve the issue. As a temporary workaround, consider restricting access to special files, such as FIFOs, to minimize the risk of exploitation.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CESA-2012_0481

CVE-2012-1090

DSA-2443-1

RHSA-2012:0481

RHSA-2012_0481

USN-1405-1

USN-1425-1

USN-1426-1

USN-1431-1

USN-1432-1

USN-1433-1

USN-1440-1

USN-1446-1

USN-1458-1

Produtos afetados

Centos

Linux Kernel

Red Hat

Suse

PT-2012-3077 · Linux+3 · Linux Kernel+3

CVE-2012-1090

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 28