CVE-2011-2495 (retired)

Priority
Description
fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly
restrict access to /proc/#####/io files, which allows local users to obtain
sensitive I/O statistics by polling a file, as demonstrated by discovering
the length of another user's password.
Ubuntu-Description
Vasiliy Kulikov discovered that /proc/PID/io did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy.
Notes
Package
Upstream:released (3.1~rc1)
Package
Upstream:released (3.1~rc1)
Package
Upstream:released (3.1~rc1)
Package
Upstream:released (3.1~rc1)
Package
Upstream:released (3.1~rc1)
Package
Upstream:released (3.1~rc1)
Package
Upstream:released (3.1~rc1)
More Information

Updated: 2019-10-09 07:37:34 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)