Candidate: CVE-2011-4080
PublicDate: 2012-05-24 23:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4080
 http://seclists.org/oss-sec/2011/q4/155
Description:
 The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kernel
 before 2.6.39 does not require the CAP_SYS_ADMIN capability to modify the
 dmesg_restrict value, which allows local users to bypass intended access
 restrictions and read the kernel ring buffer by leveraging root privileges,
 as demonstrated by a root user in a Linux Containers (aka LXC) environment.
Ubuntu-Description:
Notes:
 tyhicks> There was some talk in the oss-sec thread about rejecting this CVE.
  It isn't clear if it was rejected or not.
Bugs:
 https://launchpad.net/bugs/925987
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_linux:
 break-fix: eaf06b241b091357e72b76863ba16e89610d31bd bfdc0b497faa82a0ba2f9dddcf109231dd519fcc
upstream_linux: released (2.6.39~rc1)
hardy_linux: not-affected
lucid_linux: not-affected
maverick_linux: not-affected
natty_linux: not-affected (2.6.38-8.40)
oneiric_linux: not-affected (2.6.39-0.1)
precise_linux: not-affected (3.1.0-1.1)
devel_linux: not-affected (3.1.0-1.0)

Patches_linux-ec2:
upstream_linux-ec2: released (2.6.39~rc1)
hardy_linux-ec2: DNE
lucid_linux-ec2: not-affected
maverick_linux-ec2: ignored (binary supplied by "linux" now)
natty_linux-ec2: DNE
oneiric_linux-ec2: DNE
precise_linux-ec2: DNE
devel_linux-ec2: DNE

Patches_linux-mvl-dove:
upstream_linux-mvl-dove: released (2.6.39~rc1)
hardy_linux-mvl-dove: DNE
lucid_linux-mvl-dove: ignored (reached end-of-life)
maverick_linux-mvl-dove: not-affected
natty_linux-mvl-dove: DNE
oneiric_linux-mvl-dove: DNE
precise_linux-mvl-dove: DNE
devel_linux-mvl-dove: DNE

Patches_linux-ti-omap4:
upstream_linux-ti-omap4: released (2.6.39~rc1)
hardy_linux-ti-omap4: DNE
lucid_linux-ti-omap4: DNE
maverick_linux-ti-omap4: not-affected
natty_linux-ti-omap4: not-affected (2.6.38-1208.11)
oneiric_linux-ti-omap4: not-affected (2.6.38-1309.13)
precise_linux-ti-omap4: not-affected (3.0.0-1401.2)
devel_linux-ti-omap4: not-affected (3.0.0-1401.2)

Patches_linux-lts-backport-maverick:
upstream_linux-lts-backport-maverick: released (2.6.39~rc1)
hardy_linux-lts-backport-maverick: DNE
lucid_linux-lts-backport-maverick: not-affected
maverick_linux-lts-backport-maverick: DNE
natty_linux-lts-backport-maverick: DNE
oneiric_linux-lts-backport-maverick: DNE
precise_linux-lts-backport-maverick: DNE
devel_linux-lts-backport-maverick: DNE

Patches_linux-fsl-imx51:
upstream_linux-fsl-imx51: released (2.6.39~rc1)
hardy_linux-fsl-imx51: DNE
lucid_linux-fsl-imx51: not-affected
maverick_linux-fsl-imx51: DNE
natty_linux-fsl-imx51: DNE
oneiric_linux-fsl-imx51: DNE
precise_linux-fsl-imx51: DNE
devel_linux-fsl-imx51: DNE

Patches_linux-lts-backport-natty:
upstream_linux-lts-backport-natty: released (2.6.39~rc1)
hardy_linux-lts-backport-natty: DNE
lucid_linux-lts-backport-natty: not-affected (2.6.38-8.40~lucid1)
maverick_linux-lts-backport-natty: DNE
natty_linux-lts-backport-natty: DNE
oneiric_linux-lts-backport-natty: DNE
precise_linux-lts-backport-natty: DNE
devel_linux-lts-backport-natty: DNE

Patches_linux-lts-backport-oneiric:
upstream_linux-lts-backport-oneiric: released (2.6.39~rc1)
hardy_linux-lts-backport-oneiric: DNE
lucid_linux-lts-backport-oneiric: not-affected (3.0.0-5.6~lucid1)
maverick_linux-lts-backport-oneiric: DNE
natty_linux-lts-backport-oneiric: DNE
oneiric_linux-lts-backport-oneiric: DNE
precise_linux-lts-backport-oneiric: DNE
devel_linux-lts-backport-oneiric: DNE

Patches_linux-armadaxp:
upstream_linux-armadaxp: released (2.6.39~rc1)
hardy_linux-armadaxp: DNE
lucid_linux-armadaxp: DNE
natty_linux-armadaxp: DNE
oneiric_linux-armadaxp: DNE
precise_linux-armadaxp: not-affected (3.2.0-1600.1)
devel_linux-armadaxp: not-affected (3.2.0-1602.5)