what you don't know can hurt you
Showing 1 - 20 of 20 RSS Feed

CVE-2011-1020

Status Candidate

Overview

The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.

Related Files

Linux Kernel 2.6.32 Privilege Escalation
Posted Apr 1, 2017
Authored by halfdog

Linux kernel version 2.6.32 (Ubuntu 10.04) suffers from a /proc handling setuid privilege escalation vulnerability.

tags | exploit, kernel
systems | linux, ubuntu
advisories | CVE-2011-1020
SHA-256 | 3594c9413e10a2969f55206fd998c42d9a560202fece7a9015817bf484936e19
VMware Security Advisory 2012-0013
Posted Sep 1, 2012
Authored by VMware | Site vmware.com

VMware Security Advisory 2012-0013 - VMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2010-2761, CVE-2010-4180, CVE-2010-4252, CVE-2010-4410, CVE-2011-0014, CVE-2011-1020, CVE-2011-1089, CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-2699, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-3597, CVE-2011-4108, CVE-2011-4109, CVE-2011-4110, CVE-2011-4128, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2011-4576, CVE-2011-4577, CVE-2011-4609
SHA-256 | ab37b6926b046653acdeeef66e7c85ba
Red Hat Security Advisory 2012-0116-01
Posted Feb 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0116-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. Non-member VLAN packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2011-1020, CVE-2011-3347, CVE-2011-3637, CVE-2011-3638, CVE-2011-4110
SHA-256 | 71cb08ef2d809cd41a86b8da8e6cf0581e7d7544405546ba07d973f409a56d8f
Red Hat Security Advisory 2012-0007-01
Posted Jan 11, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0007-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2011-1020, CVE-2011-3637, CVE-2011-4077, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2011-4330, CVE-2011-4348
SHA-256 | 14cc28a3df69b8e6b2fc6473a6b5dacebe7c4ddbba6984ec740c93d61e9322db
Red Hat Security Advisory 2011-1530-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1530-03 - The kernel packages contain the Linux kernel, the core of any Linux operating system. The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. Non-member VLAN packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2011-1020, CVE-2011-3347, CVE-2011-3638, CVE-2011-4110
SHA-256 | 0ea0d8d1bd62a748fefde36e3fb68a6860a5459a3012b4b4223b673f37abf7b8
Ubuntu Security Notice USN-1256-1
Posted Nov 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1256-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-1020, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1160, CVE-2011-1180, CVE-2011-1478, CVE-2011-1479, CVE-2011-1493, CVE-2011-1573, CVE-2011-1576, CVE-2011-1577, CVE-2011-1581, CVE-2011-1585, CVE-2011-1767, CVE-2011-1768, CVE-2011-1771, CVE-2011-1776, CVE-2011-1833, CVE-2011-2183, CVE-2011-2213, CVE-2011-2479, CVE-2011-2484, CVE-2011-2491, CVE-2011-2492, CVE-2011-2493, CVE-2011-2494
SHA-256 | 065ea3de04cbda6ba2f070db62f0f0ff03f73b678f1a9b1d73799d5e8bba15ab
Ubuntu Security Notice USN-1218-1
Posted Sep 29, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1218-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2010-4076, CVE-2010-4077, CVE-2010-4251, CVE-2010-4805, CVE-2011-1020, CVE-2011-1493, CVE-2011-1577, CVE-2011-2213, CVE-2011-2484, CVE-2011-2492, CVE-2011-2700, CVE-2011-2723, CVE-2011-2918
SHA-256 | 7ce613f6fb82e60467fe2db0120524df0114dd4f622231bc1bba67151a5b6582
Ubuntu Security Notice USN-1216-1
Posted Sep 27, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1216-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2010-4076, CVE-2010-4077, CVE-2010-4251, CVE-2010-4805, CVE-2011-1020, CVE-2011-1493, CVE-2011-1577, CVE-2011-2213, CVE-2011-2484, CVE-2011-2492, CVE-2011-2700, CVE-2011-2723, CVE-2011-2918
SHA-256 | 632b7c41843d8b08abd09aa566debae12f62d2202a245defc954e205b756668d
Debian Security Advisory 2310-1
Posted Sep 23, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2310-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2009-4067, CVE-2011-0712, CVE-2011-1020, CVE-2011-2209, CVE-2011-2211, CVE-2011-2213, CVE-2011-2484, CVE-2011-2491, CVE-2011-2492, CVE-2011-2495, CVE-2011-2496, CVE-2011-2497, CVE-2011-2525, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
SHA-256 | 0ade6375df4fb18e4bf4cc0f6541e056556cbe078ca3ef9db083dea13e260836
Ubuntu Security Notice USN-1212-1
Posted Sep 21, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1212-1 - Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. Various other issues were also addressed.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2011-0463, CVE-2011-1017, CVE-2011-1020, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1160, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1173, CVE-2011-1180, CVE-2011-1182, CVE-2011-1493, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1581, CVE-2011-1593, CVE-2011-1598, CVE-2011-1745, CVE-2011-1746, CVE-2011-1748, CVE-2011-1770, CVE-2011-1771, CVE-2011-1833, CVE-2011-2022, CVE-2011-2484
SHA-256 | f2bd89a7fb4e075ddf3c443cc67ea905e50e3d359edda7464f4642e35cf7b84e
Ubuntu Security Notice USN-1211-1
Posted Sep 21, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1211-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. Various other issues were also addressed.

tags | advisory, remote, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-1020, CVE-2011-1493, CVE-2011-1833, CVE-2011-2492, CVE-2011-2689, CVE-2011-2699, CVE-2011-2918
SHA-256 | c722fd7511a442653d720916be5133aeccaba801f39a3fdb017e7ee6b3699415
Ubuntu Security Notice USN-1208-1
Posted Sep 14, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1208-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2010-4076, CVE-2010-4077, CVE-2010-4251, CVE-2010-4805, CVE-2011-1020, CVE-2011-1493, CVE-2011-1577, CVE-2011-2213, CVE-2011-2484, CVE-2011-2492, CVE-2011-2700, CVE-2011-2723, CVE-2011-2918
SHA-256 | c72d25c5c02bfb1b3dd8b578a0fff242bb575640e763f8cf25379ff8a0fc30ba
Ubuntu Security Notice USN-1205-1
Posted Sep 14, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1205-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. Various other issues were also addressed.

tags | advisory, remote, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-1020, CVE-2011-1493, CVE-2011-1770, CVE-2011-2484, CVE-2011-2492
SHA-256 | e901cc91b033169b3dfc85934ff4ac4f1d05b966694731a50e4441e8edea0d07
Ubuntu Security Notice USN-1204-1
Posted Sep 14, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1204-1 - Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2010-3859, CVE-2010-4075, CVE-2010-4076, CVE-2010-4077, CVE-2010-4158, CVE-2010-4160, CVE-2010-4162, CVE-2010-4163, CVE-2010-4175, CVE-2010-4242, CVE-2010-4243, CVE-2010-4251, CVE-2010-4526, CVE-2010-4649, CVE-2010-4668, CVE-2010-4805, CVE-2011-0726, CVE-2011-1010, CVE-2011-1012, CVE-2011-1013, CVE-2011-1020, CVE-2011-1044, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1082, CVE-2011-1090, CVE-2011-1093
SHA-256 | d65a3d265010dcc757cc58fad050e2727d47806e2609d736043b0ff3e79a9e82
Ubuntu Security Notice USN-1203-1
Posted Sep 14, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1203-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2010-4076, CVE-2010-4077, CVE-2010-4251, CVE-2010-4805, CVE-2011-1020, CVE-2011-1493, CVE-2011-1577, CVE-2011-2213, CVE-2011-2484, CVE-2011-2492, CVE-2011-2700, CVE-2011-2723, CVE-2011-2918
SHA-256 | 286bb941d7141b756b5c455e3e57f8e085d01c33d50b9139d9d2c90312850771
Ubuntu Security Notice USN-1201-1
Posted Sep 14, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1201-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. Various other issues were also addressed.

tags | advisory, remote, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-1020, CVE-2011-1493, CVE-2011-1770, CVE-2011-2484, CVE-2011-2492
SHA-256 | 594e6301fd8adfd138461fd891793167bc75a8565f367e0d80fc7bc3941f4ea0
Red Hat Security Advisory 2011-1253-01
Posted Sep 12, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1253-01 - Updated kernel-rt packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise MRG 2.0. The Red Hat Security Response Team has rated this update as having important security impact.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2010-4243, CVE-2010-4526, CVE-2011-1020, CVE-2011-1021, CVE-2011-1090, CVE-2011-1160, CVE-2011-1478, CVE-2011-1479, CVE-2011-1494, CVE-2011-1495, CVE-2011-1576, CVE-2011-1577, CVE-2011-1585, CVE-2011-1593, CVE-2011-1598, CVE-2011-1745, CVE-2011-1746, CVE-2011-1748, CVE-2011-1767, CVE-2011-1768, CVE-2011-1770, CVE-2011-1776, CVE-2011-2022, CVE-2011-2183, CVE-2011-2213, CVE-2011-2484, CVE-2011-2491, CVE-2011-2492
SHA-256 | 5d74eae8a478f1639bcefe4abf0a381df1d68b77824da152d114e20cc673b84a
Debian Security Advisory 2303-2
Posted Sep 11, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2303-2 - The linux-2.6 and user-mode-linux upgrades from DSA-2303-1 has caused a regression that can result in an oops during invalid accesses to /proc/<pid>/maps files.

tags | advisory
systems | linux, debian
advisories | CVE-2011-1020, CVE-2011-1576, CVE-2011-2484, CVE-2011-2491, CVE-2011-2492, CVE-2011-2495, CVE-2011-2496, CVE-2011-2497, CVE-2011-2517, CVE-2011-2525, CVE-2011-2700, CVE-2011-2723, CVE-2011-2905, CVE-2011-2909, CVE-2011-2918, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
SHA-256 | 5e72a6c97cffe3e5d4480641de2e9dd75b8941004f9b3efb715136b76b23e635
Debian Security Advisory 2303-1
Posted Sep 9, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2303-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2011-1020, CVE-2011-1576, CVE-2011-2484, CVE-2011-2491, CVE-2011-2492, CVE-2011-2495, CVE-2011-2496, CVE-2011-2497, CVE-2011-2517, CVE-2011-2525, CVE-2011-2700, CVE-2011-2723, CVE-2011-2905, CVE-2011-2909, CVE-2011-2918, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
SHA-256 | 72d50088cc453629042c1d2a8fe39ec8d1f2442c069a5c04c5bf02d848669ad6
Ubuntu Security Notice USN-1189-1
Posted Aug 20, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1189-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-1020, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1160, CVE-2011-1180, CVE-2011-1493, CVE-2011-2492
SHA-256 | 297983344851a28369271ac3e74f0268a28bd05b499c87b25c5708bf72c76d42
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close