PT-2011-1009 · Linux+2 · Linux Kernel+2

Vasiliy Kulikov

Publicado

2011-06-13

Atualizado

2023-02-13

CVE-2011-2494

CVSS v2.0

2.1

Baixa

Vetor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.1

Description The issue allows local users to obtain sensitive I/O statistics, potentially revealing confidential information such as the length of another user's password. This is achieved by sending taskstats commands to a netlink socket.

Recommendations For Linux kernel versions prior to 3.1, update to version 3.1 or later to resolve the issue.

Correção

RCE

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-200

Identificadores relacionados

BDU:2014-00070

CVE-2011-2494

RHSA-2011:1465

RHSA-2011:1479

RHSA-2011_1465

RHSA-2011_1479

RHSA-2012:0010

USN-1236-1

USN-1239-1

USN-1240-1

USN-1241-1

USN-1242-1

USN-1243-1

USN-1244-1

USN-1245-1

USN-1253-1

USN-1260-1

USN-1275-1

USN-1279-1

USN-1281-1

USN-1285-1

USN-1294-1

Produtos afetados

Linux Kernel

Red Hat

Suse

PT-2011-1009 · Linux+2 · Linux Kernel+2

CVE-2011-2494

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 32