Your submission was sent successfully! Close

CVE-2011-1020

Published: 28 February 2011

The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.

From the Ubuntu Security Team

It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (2.6.24-29.93)
karmic Ignored

lucid
Released (2.6.32-34.73)
maverick
Released (2.6.35-30.57)
natty
Released (2.6.38-11.49)
oneiric Not vulnerable
(2.6.39-0.1)
upstream
Released (2.6.39~rc1)
Patches:
Introduced by

85863e475e59afb027b0113290e3796ee6020b7d

Fixed by ca6b0bf0e086513b9ee5efc0aa5770ecb57778af
Introduced by

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by ec6fd8a4355cda81cd9f06bebc048e83eb514ac7
Introduced by

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by d6f64b89d7ff22ce05896ab4a93a653e8d0b123d
Introduced by

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by 2fadaef41283aad7100fa73f01998cddaca25833
Introduced by

ebcb67341fee34061430f3367f2e507e52ee051b

Fixed by a9712bc12c40c172e393f85a9b2ba8db4bf59509
linux-ec2
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Ignored
(reached end-of-life)
lucid
Released (2.6.32-318.37)
maverick Ignored
(binary supplied by "linux" now)
natty Does not exist

oneiric Does not exist

upstream
Released (2.6.39~rc1)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Ignored
(reached end-of-life)
lucid
Released (2.6.31-610.27)
maverick Does not exist

natty Does not exist

oneiric Does not exist

upstream
Released (2.6.39~rc1)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid
Released (2.6.35-30.57~lucid1)
maverick Does not exist

natty Does not exist

oneiric Does not exist

upstream
Released (2.6.39~rc1)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid
Released (2.6.38-11.49~lucid1)
maverick Does not exist

natty Does not exist

oneiric Does not exist

upstream
Released (2.6.39~rc1)
linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable

maverick Does not exist

natty Does not exist

oneiric Does not exist

upstream
Released (2.6.39~rc1)
linux-mvl-dove
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Ignored
(abandonded branch)
lucid
Released (2.6.32-218.35)
maverick
Released (2.6.32-418.35)
natty Does not exist

oneiric Does not exist

upstream
Released (2.6.39~rc1)
linux-ti-omap4
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid Does not exist

maverick
Released (2.6.35-903.23)
natty
Released (2.6.38-1209.15)
oneiric Not vulnerable
(3.0.0-1204.9)
upstream
Released (2.6.39~rc1)