CVE-2011-1020
28.02.2011, 16:00
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.Enginsight
Vendor | Product | Version |
---|---|---|
linux | linux_kernel | 𝑥 < 2.6.37 |
𝑥
= Vulnerable software versions

Ubuntu Releases
Ubuntu Product | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
linux |
| ||||||||||||||
linux-ec2 |
| ||||||||||||||
linux-fsl-imx51 |
| ||||||||||||||
linux-lts-backport-maverick |
| ||||||||||||||
linux-lts-backport-natty |
| ||||||||||||||
linux-lts-backport-oneiric |
| ||||||||||||||
linux-mvl-dove |
| ||||||||||||||
linux-ti-omap4 |
|
Common Weakness Enumeration
References