CVE-2011-1020
Published 2011-02-28

CVE-2011-1020: The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process…

Priority: P419 · Severity: medium · CVSS 2.0 base score: 4.6
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Exploit: available
EPSS: 0.92% (55.9th percentile)
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | < 2.6.37 | 2.6.37 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| vendor_ubuntu | | 6.9 | MEDIUM | |
| vendor_redhat | | 4.6 | MEDIUM | |
Ubuntu
Linux kernel (Natty backport) vulnerabilities
vendor_ubuntu·2011-11-09·CVSS 4.6
CVE-2011-1020 [MEDIUM] Linux kernel (Natty backport) vulnerabilities
Title: Linux kernel (Natty backport) vulnerabilities
Summary: Several security issues were fixed in the kernel.
It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about programs running with higher privileges,
potentially increasing the chances of exploiting additional
vulnerabilities. (CVE-2011-1020)
Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear
memory. A local attacker could exploit this to read kernel stack memory,
leading to a loss of privacy. (CVE-2011-1078)
Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check
that device name strings were NULL terminated. A local attacker could
exploit this to crash the system,
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2011-09-29·CVSS 1.9
CVE-2010-4076 [LOW] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Multiple kernel flaws have been fixed.
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4076, CVE-2010-4077)
Alex Shi and Eric Dumazet discovered that the network stack did not
correctly handle packet backlogs. A remote attacker could exploit this by
sending a large amount of network traffic to cause the system to run out of
memory, leading to a denial of service. (CVE-2010-4251, CVE-2010-4805)
It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about program
Ubuntu
Linux kernel (EC2) vulnerabilities
vendor_ubuntu·2011-09-26·CVSS 1.9
CVE-2010-4076 [LOW] Linux kernel (EC2) vulnerabilities
Title: Linux kernel (EC2) vulnerabilities
Summary: Multiple kernel flaws have been fixed.
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4076, CVE-2010-4077)
Alex Shi and Eric Dumazet discovered that the network stack did not
correctly handle packet backlogs. A remote attacker could exploit this by
sending a large amount of network traffic to cause the system to run out of
memory, leading to a denial of service. (CVE-2010-4251, CVE-2010-4805)
It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about p
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2011-09-21·CVSS 2.1
CVE-2011-0463 [LOW] Linux kernel (OMAP4) vulnerabilities
Title: Linux kernel (OMAP4) vulnerabilities
Summary: Multiple kernel flaws have been fixed.
Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly
clear memory when writing certain file holes. A local attacker could
exploit this to read uninitialized data from the disk, leading to a loss of
privacy. (CVE-2011-0463)
Timo Warns discovered that the LDM disk partition handling code did not
correctly handle certain values. By inserting a specially crafted disk
device, a local attacker could exploit this to gain root privileges.
(CVE-2011-1017)
It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about programs running with higher privileges,
potentially incr
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2011-09-21·CVSS 4.6
CVE-2011-1020 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Multiple kernel flaws have been fixed.
It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about programs running with higher privileges,
potentially increasing the chances of exploiting additional
vulnerabilities. (CVE-2011-1020)
Dan Rosenberg discovered that the X.25 Rose network stack did not correctly
handle certain fields. If a system was running with Rose enabled, a remote
attacker could send specially crafted traffic to gain root privileges.
(CVE-2011-1493)
Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not
correctly check the origin of mount points. A local attacker could exploit
this to trick the syst
Ubuntu
Linux kernel (Marvel DOVE) vulnerabilities
vendor_ubuntu·2011-09-14·CVSS 1.9
CVE-2011-2213 [LOW] Linux kernel (Marvel DOVE) vulnerabilities
Title: Linux kernel (Marvel DOVE) vulnerabilities
Summary: Multiple kernel flaws have been fixed.
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4076, CVE-2010-4077)
Alex Shi and Eric Dumazet discovered that the network stack did not
correctly handle packet backlogs. A remote attacker could exploit this by
sending a large amount of network traffic to cause the system to run out of
memory, leading to a denial of service. (CVE-2010-4251, CVE-2010-4805)
It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2011-09-13·CVSS 4.6
CVE-2011-1020 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Multiple kernel flaws have been fixed.
It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about programs running with higher privileges,
potentially increasing the chances of exploiting additional
vulnerabilities. (CVE-2011-1020)
Dan Rosenberg discovered that the X.25 Rose network stack did not correctly
handle certain fields. If a system was running with Rose enabled, a remote
attacker could send specially crafted traffic to gain root privileges.
(CVE-2011-1493)
Dan Rosenberg discovered that the DCCP stack did not correctly handle
certain packet structures. A remote attacker could exploit this to crash
the system, leading t
Ubuntu
Linux kernel (Maverick backport) vulnerabilities
vendor_ubuntu·2011-09-13·CVSS 4.6
CVE-2011-1020 [MEDIUM] Linux kernel (Maverick backport) vulnerabilities
Title: Linux kernel (Maverick backport) vulnerabilities
Summary: Multiple kernel flaws have been fixed.
It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about programs running with higher privileges,
potentially increasing the chances of exploiting additional
vulnerabilities. (CVE-2011-1020)
Dan Rosenberg discovered that the X.25 Rose network stack did not correctly
handle certain fields. If a system was running with Rose enabled, a remote
attacker could send specially crafted traffic to gain root privileges.
(CVE-2011-1493)
Dan Rosenberg discovered that the DCCP stack did not correctly handle
certain packet structures. A remote attacker could exploit this to crash
t
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2011-09-13·CVSS 2.1
CVE-2011-1171 [LOW] Linux kernel (OMAP4) vulnerabilities
Title: Linux kernel (OMAP4) vulnerabilities
Summary: Multiple kernel flaws have been fixed.
Dan Rosenberg discovered that several network ioctls did not clear kernel
memory correctly. A local user could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297)
Brad Spengler discovered that stack memory for a new process was not
correctly calculated. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-3858)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges. (CVE-2010-3859)
Dan Rosenberg discovered that the CAN protocol on 64bit systems did not
correctly calculate the size of
Ubuntu
Linux kernel (i.MX51) vulnerabilities
vendor_ubuntu·2011-09-13·CVSS 6.9
CVE-2011-2918 [MEDIUM] Linux kernel (i.MX51) vulnerabilities
Title: Linux kernel (i.MX51) vulnerabilities
Summary: Multiple kernel flaws have been fixed.
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges. (CVE-2010-3859)
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)
Dan Rosenberg discovered that the socket filters did not correctly
initialize structure memory. A local attacker could create malicious
filters to read portions of kernel stack memory, leading to a loss of
privacy. (CVE-2010-4158)
Dan Rosenberg discovered t
Ubuntu
Linux kernel (Marvel DOVE) vulnerabilities
vendor_ubuntu·2011-09-13·CVSS 1.9
CVE-2011-2700 [LOW] Linux kernel (Marvel DOVE) vulnerabilities
Title: Linux kernel (Marvel DOVE) vulnerabilities
Summary: Multiple kernel flaws have been fixed.
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4076, CVE-2010-4077)
Alex Shi and Eric Dumazet discovered that the network stack did not
correctly handle packet backlogs. A remote attacker could exploit this by
sending a large amount of network traffic to cause the system to run out of
memory, leading to a denial of service. (CVE-2010-4251, CVE-2010-4805)
It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2011-08-19·CVSS 4.6
CVE-2011-1020 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Multiple kernel flaws were fixed.
It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about programs running with higher privileges,
potentially increasing the chances of exploiting additional
vulnerabilities. (CVE-2011-1020)
Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear
memory. A local attacker could exploit this to read kernel stack memory,
leading to a loss of privacy. (CVE-2011-1078)
Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check
that device name strings were NULL terminated. A local attacker could
exploit this to crash the system, leading to a denial of service,
Red Hat
kernel: no access restrictions of /proc/pid/* after setuid program exec
vendor_redhat·2011-02-07·CVSS 4.6
CVE-2011-1020 [MEDIUM] kernel: no access restrictions of /proc/pid/* after setuid program exec
kernel: no access restrictions of /proc/pid/* after setuid program exec
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
Statement: Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle (https://access.redhat.com/support/policy/updates/errata/); therefore the fix for this issue is not currently planned to be included in future updates.
This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via RHSA-2012:0007, RHSA-2011:1530 and RHSA-2011:1253 respectively.
GHSA
GHSA-5vjr-66w2-fxv8: The proc filesystem implementation in the Linux kernel 2
ghsa_unreviewed·2022-05-13
CVE-2011-1020 [MEDIUM] CWE-200 GHSA-5vjr-66w2-fxv8: The proc filesystem implementation in the Linux kernel 2
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
No detection rules found.
Exploit-DB
MYRE Real Estate Software - Multiple Vulnerabilities
exploitdb·2011-09-09
CVE-2011-3394 MYRE Real Estate Software - Multiple Vulnerabilities
MYRE Real Estate Software - Multiple Vulnerabilities
---
##############################################################################
#
# Title : MYRE Real Estate Software Multiple XSS and SQL Injection Vulnerabilities
# Author : Sooraj K.S SecPod Technologies (www.secpod.com)
# Vendor : http://myrephp.com
# Advisory : http://secpod.org/blog/?p=346
# http://secpod.org/advisories/SECPOD_MRS_SQL_XSS_Vuln.txt
# Software : MYRE Real Estate Software
# Date : 09/07/2011
#
###############################################################################
SecPod ID: 1020
20/07/2011 Issue Discovered
03/08/2011 Vendor Notified
No Response from Vendor
07/09/2011 Advisory Released
Class: Cross-Site Scripting / SQL Injection
Severity: High
Overview:
MYRE Real Estate Software is prone to multiple
Exploit-DB
Linux Kernel 2.6.32 (Ubuntu 10.04) - '/proc' Handling SUID Privilege Escalation
exploitdb·2011-01-17
CVE-2011-1020 Linux Kernel 2.6.32 (Ubuntu 10.04) - '/proc' Handling SUID Privilege Escalation
Linux Kernel 2.6.32 (Ubuntu 10.04) - '/proc' Handling SUID Privilege Escalation
---
Source: http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/
# proc Handling of Already Opened Files: Subvert The Stack Base Address Randomization With Suid-Binaries
Problem description: The latest Ubuntu Lucid stock kernel (2.6.32-27-generic) contains a bug that allows a lower-privileged user to stay attached to open /proc file entries even after the process executes a suid binary. By doing that, a malicious user might draw information from the proc interface or even modify process settings of the privileged process.
Monitor syscalls, syscall stack, limits of running suid-binaries: A simple helper program (ProcReadHelper.c) is sufficient to open a proc entry before executing a suid program and
References:
- http://openwall.com/lists/oss-security/2011/02/24/18
- http://openwall.com/lists/oss-security/2011/02/25/2
- http://seclists.org/fulldisclosure/2011/Jan/421
- http://secunia.com/advisories/43496
- http://securityreason.com/securityalert/8107
- http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/
- http://www.securityfocus.com/bid/46567
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65693
- https://lkml.org/lkml/2011/2/10/21
- https://lkml.org/lkml/2011/2/7/368
- https://lkml.org/lkml/2011/2/7/404
- https://lkml.org/lkml/2011/2/7/414
- https://lkml.org/lkml/2011/2/7/466
- https://lkml.org/lkml/2011/2/7/474
- https://lkml.org/lkml/2011/2/9/417

Published: 2011-02-28