Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.9
CVE Id CVE-2011-1011
Last Modified 06 Sep 2011 11:15:14
Published 24 Feb 2011 04:00:18
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1011

Summary

The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application.

Vulnerable Systems

Operating System

  • Redhat Enterprise Linux 3

  • Redhat Enterprise Linux 4

  • Redhat Enterprise Linux 5

  • Redhat Enterprise Linux 6

  • Redhat Fedora 10

  • Redhat Fedora 12

  • Redhat Fedora 13

  • Redhat Fedora 14

  • Redhat Fedora 6

  • Redhat Fedora 7

  • Redhat Fedora 8

  • Redhat Fedora 9

Application

  • Redhat Policycoreutils 1.0

  • Redhat Policycoreutils 1.1

  • Redhat Policycoreutils 1.10

  • Redhat Policycoreutils 1.12

  • Redhat Policycoreutils 1.14

  • Redhat Policycoreutils 1.16

  • Redhat Policycoreutils 1.18

  • Redhat Policycoreutils 1.2

  • Redhat Policycoreutils 1.20

  • Redhat Policycoreutils 1.21.1

  • Redhat Policycoreutils 1.21.10

  • Redhat Policycoreutils 1.21.11

  • Redhat Policycoreutils 1.21.12

  • Redhat Policycoreutils 1.21.13

  • Redhat Policycoreutils 1.21.14

  • Redhat Policycoreutils 1.21.15

  • Redhat Policycoreutils 1.21.16

  • Redhat Policycoreutils 1.21.17

  • Redhat Policycoreutils 1.21.18

  • Redhat Policycoreutils 1.21.19

  • Redhat Policycoreutils 1.21.2

  • Redhat Policycoreutils 1.21.20

  • Redhat Policycoreutils 1.21.21

  • Redhat Policycoreutils 1.21.22

  • Redhat Policycoreutils 1.21.3

  • Redhat Policycoreutils 1.21.4

  • Redhat Policycoreutils 1.21.5

  • Redhat Policycoreutils 1.21.6

  • Redhat Policycoreutils 1.21.7

  • Redhat Policycoreutils 1.21.8

  • Redhat Policycoreutils 1.21.9

  • Redhat Policycoreutils 1.22

  • Redhat Policycoreutils 1.23.1

  • Redhat Policycoreutils 1.23.10

  • Redhat Policycoreutils 1.23.11

  • Redhat Policycoreutils 1.23.2

  • Redhat Policycoreutils 1.23.3

  • Redhat Policycoreutils 1.23.4

  • Redhat Policycoreutils 1.23.5

  • Redhat Policycoreutils 1.23.6

  • Redhat Policycoreutils 1.23.7

  • Redhat Policycoreutils 1.23.8

  • Redhat Policycoreutils 1.23.9

  • Redhat Policycoreutils 1.24

  • Redhat Policycoreutils 1.25.1

  • Redhat Policycoreutils 1.25.2

  • Redhat Policycoreutils 1.25.3

  • Redhat Policycoreutils 1.25.4

  • Redhat Policycoreutils 1.25.5

  • Redhat Policycoreutils 1.25.6

  • Redhat Policycoreutils 1.25.7

  • Redhat Policycoreutils 1.25.8

  • Redhat Policycoreutils 1.25.9

  • Redhat Policycoreutils 1.26

  • Redhat Policycoreutils 1.27.1

  • Redhat Policycoreutils 1.27.10

  • Redhat Policycoreutils 1.27.11

  • Redhat Policycoreutils 1.27.12

  • Redhat Policycoreutils 1.27.13

  • Redhat Policycoreutils 1.27.14

  • Redhat Policycoreutils 1.27.15

  • Redhat Policycoreutils 1.27.16

  • Redhat Policycoreutils 1.27.17

  • Redhat Policycoreutils 1.27.18

  • Redhat Policycoreutils 1.27.19

  • Redhat Policycoreutils 1.27.2

  • Redhat Policycoreutils 1.27.20

  • Redhat Policycoreutils 1.27.21

  • Redhat Policycoreutils 1.27.22

  • Redhat Policycoreutils 1.27.23

  • Redhat Policycoreutils 1.27.24

  • Redhat Policycoreutils 1.27.25

  • Redhat Policycoreutils 1.27.26

  • Redhat Policycoreutils 1.27.27

  • Redhat Policycoreutils 1.27.28

  • Redhat Policycoreutils 1.27.29

  • Redhat Policycoreutils 1.27.3

  • Redhat Policycoreutils 1.27.30

  • Redhat Policycoreutils 1.27.31

  • Redhat Policycoreutils 1.27.32

  • Redhat Policycoreutils 1.27.33

  • Redhat Policycoreutils 1.27.34

  • Redhat Policycoreutils 1.27.35

  • Redhat Policycoreutils 1.27.36

  • Redhat Policycoreutils 1.27.37

  • Redhat Policycoreutils 1.27.4

  • Redhat Policycoreutils 1.27.5

  • Redhat Policycoreutils 1.27.6

  • Redhat Policycoreutils 1.27.7

  • Redhat Policycoreutils 1.27.8

  • Redhat Policycoreutils 1.27.9

  • Redhat Policycoreutils 1.28

  • Redhat Policycoreutils 1.29.1

  • Redhat Policycoreutils 1.29.10

  • Redhat Policycoreutils 1.29.11

  • Redhat Policycoreutils 1.29.12

  • Redhat Policycoreutils 1.29.13

  • Redhat Policycoreutils 1.29.14

  • Redhat Policycoreutils 1.29.15

  • Redhat Policycoreutils 1.29.16

  • Redhat Policycoreutils 1.29.17

  • Redhat Policycoreutils 1.29.18

  • Redhat Policycoreutils 1.29.19

  • Redhat Policycoreutils 1.29.2

  • Redhat Policycoreutils 1.29.20

  • Redhat Policycoreutils 1.29.21

  • Redhat Policycoreutils 1.29.22

  • Redhat Policycoreutils 1.29.23

  • Redhat Policycoreutils 1.29.24

  • Redhat Policycoreutils 1.29.25

  • Redhat Policycoreutils 1.29.26

  • Redhat Policycoreutils 1.29.27

  • Redhat Policycoreutils 1.29.28

  • Redhat Policycoreutils 1.29.3

  • Redhat Policycoreutils 1.29.4

  • Redhat Policycoreutils 1.29.5

  • Redhat Policycoreutils 1.29.6

  • Redhat Policycoreutils 1.29.7

  • Redhat Policycoreutils 1.29.8

  • Redhat Policycoreutils 1.29.9

  • Redhat Policycoreutils 1.30

  • Redhat Policycoreutils 1.30.1

  • Redhat Policycoreutils 1.30.10

  • Redhat Policycoreutils 1.30.11

  • Redhat Policycoreutils 1.30.12

  • Redhat Policycoreutils 1.30.13

  • Redhat Policycoreutils 1.30.14

  • Redhat Policycoreutils 1.30.15

  • Redhat Policycoreutils 1.30.16

  • Redhat Policycoreutils 1.30.17

  • Redhat Policycoreutils 1.30.18

  • Redhat Policycoreutils 1.30.19

  • Redhat Policycoreutils 1.30.2

  • Redhat Policycoreutils 1.30.20

  • Redhat Policycoreutils 1.30.21

  • Redhat Policycoreutils 1.30.22

  • Redhat Policycoreutils 1.30.23

  • Redhat Policycoreutils 1.30.24

  • Redhat Policycoreutils 1.30.25

  • Redhat Policycoreutils 1.30.26

  • Redhat Policycoreutils 1.30.27

  • Redhat Policycoreutils 1.30.28

  • Redhat Policycoreutils 1.30.29

  • Redhat Policycoreutils 1.30.3

  • Redhat Policycoreutils 1.30.30

  • Redhat Policycoreutils 1.30.31

  • Redhat Policycoreutils 1.30.4

  • Redhat Policycoreutils 1.30.5

  • Redhat Policycoreutils 1.30.6

  • Redhat Policycoreutils 1.30.7

  • Redhat Policycoreutils 1.30.8

  • Redhat Policycoreutils 1.30.9

  • Redhat Policycoreutils 1.32

  • Redhat Policycoreutils 1.33.1

  • Redhat Policycoreutils 1.33.10

  • Redhat Policycoreutils 1.33.11

  • Redhat Policycoreutils 1.33.12

  • Redhat Policycoreutils 1.33.13

  • Redhat Policycoreutils 1.33.14

  • Redhat Policycoreutils 1.33.15

  • Redhat Policycoreutils 1.33.16

  • Redhat Policycoreutils 1.33.2

  • Redhat Policycoreutils 1.33.3

  • Redhat Policycoreutils 1.33.4

  • Redhat Policycoreutils 1.33.5

  • Redhat Policycoreutils 1.33.6

  • Redhat Policycoreutils 1.33.7

  • Redhat Policycoreutils 1.33.8

  • Redhat Policycoreutils 1.33.9

  • Redhat Policycoreutils 1.34.0

  • Redhat Policycoreutils 1.34.1

  • Redhat Policycoreutils 1.4

  • Redhat Policycoreutils 1.6

  • Redhat Policycoreutils 1.8

  • Redhat Policycoreutils 2.0.0

  • Redhat Policycoreutils 2.0.1

  • Redhat Policycoreutils 2.0.10

  • Redhat Policycoreutils 2.0.11

  • Redhat Policycoreutils 2.0.12

  • Redhat Policycoreutils 2.0.13

  • Redhat Policycoreutils 2.0.14

  • Redhat Policycoreutils 2.0.15

  • Redhat Policycoreutils 2.0.16

  • Redhat Policycoreutils 2.0.17

  • Redhat Policycoreutils 2.0.18

  • Redhat Policycoreutils 2.0.19

  • Redhat Policycoreutils 2.0.2

  • Redhat Policycoreutils 2.0.20

  • Redhat Policycoreutils 2.0.21

  • Redhat Policycoreutils 2.0.22

  • Redhat Policycoreutils 2.0.23

  • Redhat Policycoreutils 2.0.24

  • Redhat Policycoreutils 2.0.25

  • Redhat Policycoreutils 2.0.26

  • Redhat Policycoreutils 2.0.27

  • Redhat Policycoreutils 2.0.28

  • Redhat Policycoreutils 2.0.29

  • Redhat Policycoreutils 2.0.3

  • Redhat Policycoreutils 2.0.30

  • Redhat Policycoreutils 2.0.31

  • Redhat Policycoreutils 2.0.32

  • Redhat Policycoreutils 2.0.33

  • Redhat Policycoreutils 2.0.34

  • Redhat Policycoreutils 2.0.35

  • Redhat Policycoreutils 2.0.36

  • Redhat Policycoreutils 2.0.37

  • Redhat Policycoreutils 2.0.38

  • Redhat Policycoreutils 2.0.39

  • Redhat Policycoreutils 2.0.4

  • Redhat Policycoreutils 2.0.40

  • Redhat Policycoreutils 2.0.41

  • Redhat Policycoreutils 2.0.42

  • Redhat Policycoreutils 2.0.43

  • Redhat Policycoreutils 2.0.44

  • Redhat Policycoreutils 2.0.45

  • Redhat Policycoreutils 2.0.46

  • Redhat Policycoreutils 2.0.47

  • Redhat Policycoreutils 2.0.48

  • Redhat Policycoreutils 2.0.49

  • Redhat Policycoreutils 2.0.5

  • Redhat Policycoreutils 2.0.50

  • Redhat Policycoreutils 2.0.51

  • Redhat Policycoreutils 2.0.52

  • Redhat Policycoreutils 2.0.53

  • Redhat Policycoreutils 2.0.54

  • Redhat Policycoreutils 2.0.55

  • Redhat Policycoreutils 2.0.56

  • Redhat Policycoreutils 2.0.57

  • Redhat Policycoreutils 2.0.58

  • Redhat Policycoreutils 2.0.59

  • Redhat Policycoreutils 2.0.6

  • Redhat Policycoreutils 2.0.60

  • Redhat Policycoreutils 2.0.61

  • Redhat Policycoreutils 2.0.62

  • Redhat Policycoreutils 2.0.63

  • Redhat Policycoreutils 2.0.64

  • Redhat Policycoreutils 2.0.65

  • Redhat Policycoreutils 2.0.66

  • Redhat Policycoreutils 2.0.67

  • Redhat Policycoreutils 2.0.68

  • Redhat Policycoreutils 2.0.69

  • Redhat Policycoreutils 2.0.7

  • Redhat Policycoreutils 2.0.70

  • Redhat Policycoreutils 2.0.71

  • Redhat Policycoreutils 2.0.72

  • Redhat Policycoreutils 2.0.73

  • Redhat Policycoreutils 2.0.74

  • Redhat Policycoreutils 2.0.75

  • Redhat Policycoreutils 2.0.76

  • Redhat Policycoreutils 2.0.77

  • Redhat Policycoreutils 2.0.78

  • Redhat Policycoreutils 2.0.79

  • Redhat Policycoreutils 2.0.8

  • Redhat Policycoreutils 2.0.80

  • Redhat Policycoreutils 2.0.81

  • Redhat Policycoreutils 2.0.82

  • Redhat Policycoreutils 2.0.83

  • Redhat Policycoreutils 2.0.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=633544

CONFIRM - http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git;a=blob;f=policycoreutils-rhat.patch;h=d4db5bc06027de23d12a4b3f18fa6f9b1517df27;hb=HEAD#l2197

XF - policycoreutils-seunshare-symlink(65641)

VUPEN - ADV-2011-0864

VUPEN - ADV-2011-0701

SECTRACK - 1025291

BID - 46510

REDHAT - RHSA-2011:0414

SECUNIA - 44034

SECUNIA - 43844

SECUNIA - 43415

MLIST - [oss-security] 20110223 Re: CVE Request

MLIST - [oss-security] 20110222 CVE Request

FEDORA - FEDORA-2011-3043

FULLDISC - 20110222 Developers should not rely on the stickiness of /tmp on Red Hat Linux


Last Updated: 27 May 2016 10:56:07