PT-2011-1070 · Linux+2 · Linux Kernel+2

Brad Spengler

Published

2011-03-01

Updated

2015-10-06

CVE-2011-0726

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.39-rc1 kernel-kdumppae (affected versions not specified)

Description The issue concerns a function in the Linux kernel that does not perform an expected uid check, making it easier for local users to defeat the ASLR protection mechanism. This can be done by reading specific fields in the /proc/#####/stat file for a process executing a PIE binary. Additionally, there are multiple vulnerabilities in the kernel-kdumppae package of SUSE Linux Enterprise that can lead to disruption of protected information and can be exploited remotely.

Recommendations For Linux kernel versions prior to 2.6.39-rc1, update to version 2.6.39-rc1 or later to resolve the issue. For kernel-kdumppae, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2015-04607

CVE-2011-0726

DSA-2240-1

DSA-2264-1

RHSA-2011:0498

RHSA-2011:0500

RHSA-2011:0833

RHSA-2011_0498

RHSA-2011_0833

Affected Products

Linux Kernel

Red Hat

Kernel-Kdumppae

PT-2011-1070 · Linux+2 · Linux Kernel+2

CVE-2011-0726

Weakness Enumeration

Related Identifiers

Affected Products

References · 17