Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2011-2495

Опубликовано: 21 июн. 2011
Источник: redhat
CVSS2: 2.1

Описание

fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password.

Отчет

This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1212.html, https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 4kernelWill not fix
Red Hat Enterprise Linux 5kernelFixedRHSA-2011:121206.09.2011
Red Hat Enterprise Linux 5.6 EUS - Server OnlykernelFixedRHSA-2011:181313.12.2011
Red Hat Enterprise Linux 6kernelFixedRHSA-2011:118923.08.2011
Red Hat Enterprise MRG 2kernel-rtFixedRHSA-2011:125312.09.2011

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=716825kernel: /proc/PID/io infoleak

2.1 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2011-2495

ubuntu
около 13 лет назад

fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password.

nvd логотип

CVE-2011-2495

nvd
около 13 лет назад

fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password.

debian логотип

CVE-2011-2495

debian
около 13 лет назад

fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly r ...

github логотип

GHSA-qfq8-33vr-83jg

github
около 3 лет назад

fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password.

oracle-oval логотип

ELSA-2011-1212

oracle-oval
почти 14 лет назад

ELSA-2011-1212: kernel security and bug fix update (IMPORTANT)

2.1 Low

CVSS2