CVE-2011-0006

low

Description

The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's addition of an IMA rule for LSM.

References

http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=867c20265459d30a01b021a9c1e81fb4c5832aa9

http://www.openwall.com/lists/oss-security/2011/01/06/18

https://bugzilla.redhat.com/show_bug.cgi?id=667912

https://github.com/torvalds/linux/commit/867c20265459d30a01b021a9c1e81fb4c5832aa9

Details

Source: MITRE

Published: 2012-06-21

Updated: 2012-06-26

Type: CWE-264

Risk Information

CVSS v2

Base Score: 1.9

Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 3.4

Severity: LOW

Tenable Plugins

ID | Name | Product | Family | Severity
68416 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2015) | Nessus | Oracle Linux Local Security Checks | high
68273 | Oracle Linux 6 : kernel (ELSA-2011-0498) | Nessus | Oracle Linux Local Security Checks | high
65103 | Ubuntu 10.04 LTS / 10.10 : linux-mvl-dove vulnerabilities (USN-1093-1) | Nessus | Ubuntu Local Security Checks | high
61035 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high
58289 | USN-1394-1 : Linux kernel (OMAP4) vulnerabilities | Nessus | Ubuntu Local Security Checks | high
53867 | RHEL 6 : kernel (RHSA-2011:0498) | Nessus | Red Hat Local Security Checks | high
52597 | SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 4039 / 4042 / 4043) | Nessus | SuSE Local Security Checks | high
52571 | Fedora 13 : kernel-2.6.34.8-68.fc13 (2011-2134) | Nessus | Fedora Local Security Checks | medium
52528 | Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1080-2) | Nessus | Ubuntu Local Security Checks | high
52500 | Ubuntu 10.10 : linux vulnerabilities (USN-1081-1) | Nessus | Ubuntu Local Security Checks | high
52499 | Ubuntu 10.04 LTS : linux vulnerabilities (USN-1080-1) | Nessus | Ubuntu Local Security Checks | high
51949 | Fedora 14 : kernel-2.6.35.11-83.fc14 (2011-1138) | Nessus | Fedora Local Security Checks | medium