CVE-2011-2495

Priority
Description
fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly
restrict access to /proc/#####/io files, which allows local users to obtain
sensitive I/O statistics by polling a file, as demonstrated by discovering
the length of another user's password.
Ubuntu-Description
Vasiliy Kulikov discovered that /proc/PID/io did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy.
Package
Upstream:released (3.1~rc1)
Package
Upstream:released (3.1~rc1)
Package
Upstream:released (3.1~rc1)
Package
Upstream:released (3.1~rc1)
Package
Upstream:released (3.1~rc1)
Package
Upstream:released (3.1~rc1)
Package
Upstream:released (3.1~rc1)
More Information

Updated: 2018-10-31 20:59:56 UTC (commit cfa7cf69d76449ccff972ac22f40976a08d908c2)