Secunia
Login
|
|
CVE Reference: CVE-2011-1020 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2011-1020 |
|
|
Description: The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/65693 SREASON http://securityreason.com/securityalert/8107 SAID Secunia Advisory: SA43496 MLIST http://openwall.com/lists/oss-security/2011/02/25/2 http://openwall.com/lists/oss-security/2011/02/24/18 MISC http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/ FULLDISC http://seclists.org/fulldisclosure/2011/Jan/421 BID 46567 |
|
| Return to the previous page. |
