#VU45294 Permissions, Privileges, and Access Controls in Linux kernel - CVE-2011-1020

Vulnerability identifier: #VU45294

Vulnerability risk: Low

CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2011-1020

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 2.6.0 - 2.6.37

---

External links
https://openwall.com/lists/oss-security/2011/02/24/18
https://openwall.com/lists/oss-security/2011/02/25/2
https://seclists.org/fulldisclosure/2011/Jan/421
https://secunia.com/advisories/43496
https://securityreason.com/securityalert/8107
https://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/
https://www.securityfocus.com/bid/46567
https://exchange.xforce.ibmcloud.com/vulnerabilities/65693
https://lkml.org/lkml/2011/2/10/21
https://lkml.org/lkml/2011/2/7/368
https://lkml.org/lkml/2011/2/7/404
https://lkml.org/lkml/2011/2/7/414
https://lkml.org/lkml/2011/2/7/466
https://lkml.org/lkml/2011/2/7/474
https://lkml.org/lkml/2011/2/9/417

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.