Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 2.1
CVE Id CVE-2011-2495
Last Modified 30 Dec 2013 11:08:16
Published 13 Jun 2012 06:24:55
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-2495

Summary

fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.39

  • Linux Kernel 2.6.39.1

  • Linux Kernel 2.6.39.2

  • Linux Kernel 2.6.39.3
References

CONFIRM - https://github.com/torvalds/linux/commit/1d1221f375c94ef961ba8574ac4f85c8870ddd51

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1d1221f375c94ef961ba8574ac4f85c8870ddd51

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=716825

MLIST - [oss-security] 20110627 Re: CVE request: kernel: taskstats/procfs io infoleak

CONFIRM - http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.4

REDHAT - RHSA-2011:1212

Related Patches

Novell SUSE 2011:5056 kernel security update for SLE 11 SP1 i586
Last Updated: 27 May 2016 11:04:00