Описание
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 2.6.39-0.1 |
| hardy | released | 2.6.24-29.93 |
| karmic | ignored | |
| lucid | released | 2.6.32-34.73 |
| maverick | released | 2.6.35-30.57 |
| natty | released | 2.6.38-11.49 |
| oneiric | not-affected | 2.6.39-0.1 |
| upstream | released | 2.6.39~rc1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| karmic | ignored | end of life |
| lucid | released | 2.6.32-318.37 |
| maverick | ignored | end of life |
| natty | DNE | |
| oneiric | DNE | |
| upstream | released | 2.6.39~rc1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| karmic | ignored | end of life |
| lucid | released | 2.6.31-610.27 |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| upstream | released | 2.6.39~rc1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| karmic | DNE | |
| lucid | released | 2.6.35-30.57~lucid1 |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| upstream | released | 2.6.39~rc1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | released | 2.6.38-11.49~lucid1 |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| upstream | released | 2.6.39~rc1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | not-affected | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| upstream | released | 2.6.39~rc1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| karmic | ignored | end of life |
| lucid | released | 2.6.32-218.35 |
| maverick | released | 2.6.32-418.35 |
| natty | DNE | |
| oneiric | DNE | |
| upstream | released | 2.6.39~rc1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 3.0.0-1204.9 |
| hardy | DNE | |
| karmic | DNE | |
| lucid | DNE | |
| maverick | released | 2.6.35-903.23 |
| natty | released | 2.6.38-1209.15 |
| oneiric | not-affected | 3.0.0-1204.9 |
| upstream | released | 2.6.39~rc1 |
Показывать по
Ссылки на источники
EPSS
4.6 Medium
CVSS2
Связанные уязвимости
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
The proc filesystem implementation in the Linux kernel 2.6.37 and earl ...
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
ELSA-2011-1530: Oracle Linux 6 kernel security, bug fix and enhancement update (MODERATE)
EPSS
4.6 Medium
CVSS2