82808 : Linux Kernel drivers/net/ethernet/dlink/dl2k.c rio_ioctl() Function ethtool IOCTLS Permission Weakness Local DoS
Printer | http://osvdb.org/82808 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
3	371	12 months ago	about 1 month ago	12 times	100%

Timeline

Disclosure Date
2012-06-04

Description

Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered by the dl2k network card driver not properly handling restrictions for some ethtool IOCTLS. This may allow a local attacker to cause a loss of availability for the network card and subsequently the system.

Classification

Location: Local Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Third-Party Solution
Exploit: Exploit Unknown

Solution

Upgrade to version 3.0.31 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Linux Kernel Organization, Inc.

Kernel

3.1.9-1.4

References

Security Tracker: 1027796
CVE ID: 2012-2313 (see also: NVD)
Secunia Advisory ID: 49374 49556 49628 49633 49729 49779 50250 50346 50765 50923 52943
Bugtraq ID: 53965
Related OSVDB ID: 82813
Vendor Specific News/Changelog Entry: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1bb57e940e1958e40d51f2078f50c3a96a9b2d75
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00017.html
http://wiki.openvz.org/Download/kernel/rhel5/028stab106.2
http://wiki.openvz.org/Download/kernel/rhel6/042stab062.2
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.7
http://www.ubuntu.com/usn/usn-1473-1/
http://www.ubuntu.com/usn/usn-1474-1/
http://www.ubuntu.com/usn/usn-1476-1/
http://www.ubuntu.com/usn/usn-1488-1/
http://www.ubuntu.com/usn/usn-1490-1/
http://www.ubuntu.com/usn/usn-1491-1/
http://www.ubuntu.com/usn/usn-1492-1/
http://www.ubuntu.com/usn/usn-1493-1/
http://www.ubuntu.com/usn/usn-1530-1/
https://bugzilla.novell.com/show_bug.cgi?id=757783
https://bugzilla.redhat.com/show_bug.cgi?id=818820
https://github.com/torvalds/linux/commit/1bb57e940e1958e40d51f2078f50c3a96a9b2d75
Other Advisory URL: http://www.openwall.com/lists/oss-security/2012/05/04/8
RedHat RHSA: RHSA-2012-1174 RHSA-2012:1304 RHSA-2012:1481 RHSA-2012:1589

Credit

Not Available

CVSSv2 Score

CVSSv2 Base Score = 1.2
Source: nvd.nist.gov | Generated: 2012-06-13 | Disagree?

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.