Published: 28/02/2011 Updated: 12/08/2020

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 465

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

The proc filesystem implementation in the Linux kernel 2.6.37 and previous versions does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Synopsis Moderate: Red Hat Enterprise Linux 6 kernel security, bug fix and enhancement update Type/Severity Security Advisory: Moderate Topic Updated kernel packages that fix multiple security issues, address severalhundred bugs and add numerous enhancements are now available as part of theongoing support a ...

Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix multiple security issues, several bugs,and add one enhancement are now available for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated ...

Synopsis Moderate: kernel security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated kernel packages that fix various security issues and several bugsare now available for Red Hat Enterprise Linux 61 Extended Update SupportThe Red Hat Security Response Team has rated this update a ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4067 Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald module, a driver for ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-1020 Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process in ...

Multiple kernel flaws have been fixed ...

Several security issues were fixed in the kernel ...

Multiple kernel flaws have been fixed ...

Multiple kernel flaws were fixed ...

Multiple kernel flaws have been fixed ...

Source: wwwhalfdognet/Security/2011/SuidBinariesAndProcInterface/ # proc Handling of Already Opened Files: Subvert The Stack Base Address Randomization With Suid-Binaries Problem description: Latest ubuntu lucid stock kernel (2632-27-generic) contains a bug that allows to keep attached to open /proc file entries as lower privileged use ...

Ubuntu Security Notice 1202-1 - Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly A local user could exploit this to read kernel stack memory, leading to a loss of privacy Brad Spengler discovered that stack memory for new a process was not correctly calculated A local attacker could exploit this to crash ...

CVE-2011-1020

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect