Linux Kernel CVE-2012-1090 CIFS 'umount' Local Denial of Service Vulnerability
BID:52197
Info
Linux Kernel CVE-2012-1090 CIFS 'umount' Local Denial of Service Vulnerability
| Bugtraq ID: | 52197 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2012-1090 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 28 2012 12:00AM |
| Updated: | Apr 13 2015 09:35PM |
| Credit: | CAI Qian |
| Vulnerable: |
Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 SuSE SUSE Linux Enterprise Server Unsupported Extras 11 SuSE SUSE Linux Enterprise Server for VMware 11 SP1 SuSE SUSE Linux Enterprise Server 11 SP2 SuSE SUSE Linux Enterprise Server 11 SP1 SuSE SUSE Linux Enterprise High Availability Extension 11 SP1 SuSE Suse Linux Enterprise Desktop 11 SP2 SuSE Suse Linux Enterprise Desktop 11 SP1 Redhat Enterprise Linux Workstation Optional 6 Redhat Enterprise Linux Workstation 6 Redhat Enterprise Linux Server Optional 6 Redhat Enterprise Linux Server 6 Redhat Enterprise Linux HPC Node Optional 6 Redhat Enterprise Linux HPC Node 6 Redhat Enterprise Linux Desktop Optional 6 Redhat Enterprise Linux Desktop 6 Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Oracle Enterprise Linux 5 OpenVZ Project OpenVZ 042stab053.5 OpenVZ Project OpenVZ 042stab049.6 OpenVZ Project OpenVZ 042stab044.17 OpenVZ Project OpenVZ 042stab044.11 OpenVZ Project OpenVZ 042stab039.10 OpenVZ Project OpenVZ 042stab037.1 Linux kernel 2.6.39 rc4 Linux kernel 2.6.39 Linux kernel 2.6.38 Linux kernel 2.6.37 Linux kernel 2.6.36 Linux kernel 2.6.35 Linux kernel 2.6.34 Linux kernel 2.6.33 rc1 Linux kernel 2.6.33 .1 Linux kernel 2.6.33 Linux kernel 2.6.32 .9 Linux kernel 2.6.32 Linux kernel 2.6.31 5 Linux kernel 2.6.31 13 Linux kernel 2.6.31 .2 Linux kernel 2.6.31 .11 Linux kernel 2.6.31 Linux kernel 2.6.39-rc6 Linux kernel 2.6.39-rc3 Linux kernel 2.6.38.6 Linux kernel 2.6.38.4 Linux kernel 2.6.38.3 Linux kernel 2.6.38.2 Linux kernel 2.6.38-rc7 Linux kernel 2.6.38-rc4 Linux kernel 2.6.38-rc2 Linux kernel 2.6.38-git18 Linux kernel 2.6.37rc Linux kernel 2.6.37.2 Linux kernel 2.6.37-rc7 Linux kernel 2.6.37-rc2 Linux kernel 2.6.37-rc1 Linux kernel 2.6.36-rc8 Linux kernel 2.6.36-rc6 Linux kernel 2.6.36-rc5 Linux kernel 2.6.36-rc4 Linux kernel 2.6.36-rc1 Linux kernel 2.6.35.5 Linux kernel 2.6.35.4 Linux kernel 2.6.35.1 Linux kernel 2.6.35-rc6 Linux kernel 2.6.35-rc5-git5 Linux kernel 2.6.35-rc5 Linux kernel 2.6.35-rc4 Linux kernel 2.6.35-rc1 Linux kernel 2.6.34.3 Linux kernel 2.6.34.2 Linux kernel 2.6.34.1 Linux kernel 2.6.34-rc6 Linux kernel 2.6.34-rc5 Linux kernel 2.6.34-rc4 Linux kernel 2.6.34-rc2-git1 Linux kernel 2.6.34-rc2 Linux kernel 2.6.34-rc1 Linux kernel 2.6.33.7 Linux kernel 2.6.33-rc8 Linux kernel 2.6.33-rc7 Linux kernel 2.6.33-rc7 Linux kernel 2.6.33-rc6-git5 Linux kernel 2.6.33-rc6 Linux kernel 2.6.33-rc5 Linux kernel 2.6.33-rc4 Linux kernel 2.6.32.8 Linux kernel 2.6.32.7 Linux kernel 2.6.32.6 Linux kernel 2.6.32.5 Linux kernel 2.6.32.4 Linux kernel 2.6.32.3 Linux kernel 2.6.32.28 Linux kernel 2.6.32.22 Linux kernel 2.6.32.2 Linux kernel 2.6.32.18 Linux kernel 2.6.32.17 Linux kernel 2.6.32.16 Linux kernel 2.6.32.15 Linux kernel 2.6.32.14 Linux kernel 2.6.32.13 Linux kernel 2.6.32.12 Linux kernel 2.6.32.11 Linux kernel 2.6.32.10 Linux kernel 2.6.32.1 Linux kernel 2.6.32-rc8 Linux kernel 2.6.32-rc7 Linux kernel 2.6.32-rc5 Linux kernel 2.6.32-rc4 Linux kernel 2.6.32-rc3 Linux kernel 2.6.32-rc2 Linux kernel 2.6.32-rc1 Linux kernel 2.6.31.6 Linux kernel 2.6.31.4 Linux kernel 2.6.31.1 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 Avaya Aura Experience Portal 6.0 |
| Not Vulnerable: |
OpenVZ Project OpenVZ 042stab055.10 |
Discussion
Linux Kernel CVE-2012-1090 CIFS 'umount' Local Denial of Service Vulnerability
The Linux kernel is prone to a local denial-of-service vulnerability that occurs during the CIFS 'umount' operation.
Attackers can exploit this issue to cause the kernel to panic, denying service to legitimate users.
This issue is introduced in Linux kernel 2.6.31.
The Linux kernel is prone to a local denial-of-service vulnerability that occurs during the CIFS 'umount' operation.
Attackers can exploit this issue to cause the kernel to panic, denying service to legitimate users.
This issue is introduced in Linux kernel 2.6.31.
Exploit / POC
Linux Kernel CVE-2012-1090 CIFS 'umount' Local Denial of Service Vulnerability
Attackers can use readily available commands to exploit this issue.
Attackers can use readily available commands to exploit this issue.
Solution / Fix
Linux Kernel CVE-2012-1090 CIFS 'umount' Local Denial of Service Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Linux Kernel CVE-2012-1090 CIFS 'umount' Local Denial of Service Vulnerability
References:
References:
- [PATCH] cifs: fix dentry refcount leak when opening a FIFO on lookup (Jeff Layto)
- Download/kernel/rhel6/042stab055.10 (OpenVZ Project)
- Linux kernel Homepage (kernel.org)
- ASA-2012-188 kernel security, bug fix, and enhancement update (RHSA-2012-0481) (Avaya)