Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-0006

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2011-0006
Last Modified 26 Jun 2012 12:00:00
Published 21 Jun 2012 07:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-0006

Summary

The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's addition of an IMA rule for LSM.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.36.1

  • Linux Kernel 2.6.36.2

  • Linux Kernel 2.6.36.3

  • Linux Kernel 2.6.36.4


References

CONFIRM - https://github.com/torvalds/linux/commit/867c20265459d30a01b021a9c1e81fb4c5832aa9

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=667912

MLIST - [oss-security] 20110106 Re: CVE Request: kernel [Re: Security review of 2.6.32.28]

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=867c20265459d30a01b021a9c1e81fb4c5832aa9

CONFIRM - http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37


Last Updated: 27 May 2016 10:56:34