Описание
fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 3.0.0-8.10 |
| hardy | released | 2.6.24-29.95 |
| lucid | released | 2.6.32-35.78 |
| maverick | released | 2.6.35-30.61 |
| natty | released | 2.6.38-13.52 |
| oneiric | not-affected | 3.0.0-8.10 |
| upstream | released | 3.1~rc1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | released | 2.6.32-319.39 |
| maverick | ignored | end of life |
| natty | DNE | |
| oneiric | DNE | |
| upstream | released | 3.1~rc1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | released | 2.6.31-611.29 |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| upstream | released | 3.1~rc1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | released | 2.6.35-30.61~lucid1 |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| upstream | released | 3.1~rc1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | released | 2.6.38-13.52~lucid1 |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| upstream | released | 3.1~rc1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | not-affected | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| upstream | released | 3.1~rc1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | released | 2.6.32-219.37 |
| maverick | released | 2.6.32-419.37 |
| natty | DNE | |
| oneiric | DNE | |
| upstream | released | 3.1~rc1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 3.0.0-1201.4 |
| hardy | DNE | |
| lucid | DNE | |
| maverick | released | 2.6.35-903.26 |
| natty | released | 2.6.38-1209.17 |
| oneiric | not-affected | 3.0.0-1201.4 |
| upstream | released | 3.1~rc1 |
Показывать по
Ссылки на источники
EPSS
2.1 Low
CVSS2
Связанные уязвимости
fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password.
fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password.
fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly r ...
fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password.
ELSA-2011-1212: kernel security and bug fix update (IMPORTANT)
EPSS
2.1 Low
CVSS2