CVE-2011-1020

Priority
Description
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier
does not restrict access to the /proc directory tree of a process after
this process performs an exec of a setuid program, which allows local users
to obtain sensitive information or cause a denial of service via open,
lseek, read, and write system calls.
Ubuntu-Description
It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about programs running with higher privileges,
potentially increasing the chances of exploiting additional
vulnerabilities.
Notes
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
More Information

Updated: 2019-12-05 20:56:43 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)