PT-2011-1070 · Linux+2 · Linux Kernel+2

Brad Spengler

Publicado

2011-03-01

Atualizado

2015-10-06

CVE-2011-0726

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.39-rc1 kernel-kdumppae (affected versions not specified)

Description The issue concerns a function in the Linux kernel that does not perform an expected uid check, making it easier for local users to defeat the ASLR protection mechanism. This can be done by reading specific fields in the /proc/#####/stat file for a process executing a PIE binary. Additionally, there are multiple vulnerabilities in the kernel-kdumppae package of SUSE Linux Enterprise that can lead to disruption of protected information and can be exploited remotely.

Recommendations For Linux kernel versions prior to 2.6.39-rc1, update to version 2.6.39-rc1 or later to resolve the issue. For kernel-kdumppae, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2015-04607

CVE-2011-0726

DSA-2240-1

DSA-2264-1

RHSA-2011:0498

RHSA-2011:0500

RHSA-2011:0833

RHSA-2011_0498

RHSA-2011_0833

Produtos afetados

Linux Kernel

Red Hat

Kernel-Kdumppae

PT-2011-1070 · Linux+2 · Linux Kernel+2

CVE-2011-0726

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 17