kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password.
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
http://secunia.com/advisories/48898
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1
http://www.openwall.com/lists/oss-security/2011/06/27/1
https://bugzilla.redhat.com/show_bug.cgi?id=716842
https://github.com/torvalds/linux/commit/1a51410abe7d0ee4b1d112780f46df87d3621043
OR
cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 3.0.34 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
83618 | SUSE SLES10 Security Update : kernel (SUSE-SU-2014:0536-1) | Nessus | SuSE Local Security Checks | medium |
83603 | SUSE SLES10 Security Update : kernel (SUSE-SU-2013:1832-1) | Nessus | SuSE Local Security Checks | high |
83563 | SUSE SLED10 / SLES10 Security Update : kernel (SUSE-SU-2012:1391-1) | Nessus | SuSE Local Security Checks | high |
76635 | RHEL 6 : MRG (RHSA-2012:0010) | Nessus | Red Hat Local Security Checks | critical |
69585 | Amazon Linux AMI : kernel (ALAS-2011-26) | Nessus | Amazon Linux Local Security Checks | high |
68424 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2033) | Nessus | Oracle Linux Local Security Checks | critical |
68394 | Oracle Linux 5 : kernel (ELSA-2011-1479) | Nessus | Oracle Linux Local Security Checks | high |
68393 | Oracle Linux 6 : kernel (ELSA-2011-1465) | Nessus | Oracle Linux Local Security Checks | critical |
67086 | CentOS 5 : kernel (CESA-2011:1479) | Nessus | CentOS Local Security Checks | high |
62676 | SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 8325) | Nessus | SuSE Local Security Checks | high |
62675 | SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 8324) | Nessus | SuSE Local Security Checks | high |
61181 | Scientific Linux Security Update : kernel on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
61179 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
58845 | SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6163 / 6164 / 6172) | Nessus | SuSE Local Security Checks | critical |
57854 | SuSE 11.1 Security Update : Linux kernel (SAT Patch Number 5732) | Nessus | SuSE Local Security Checks | high |
57853 | SuSE 11.1 Security Update : Linux Kernel (SAT Patch Numbers 5723 / 5725) | Nessus | SuSE Local Security Checks | high |
57058 | Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1294-1) | Nessus | Ubuntu Local Security Checks | high |
56978 | Ubuntu 11.04 : linux vulnerabilities (USN-1285-1) | Nessus | Ubuntu Local Security Checks | high |
56974 | RHEL 5 : kernel (RHSA-2011:1479) | Nessus | Red Hat Local Security Checks | high |
56949 | USN-1281-1 : linux-ti-omap4 vulnerabilities | Nessus | Ubuntu Local Security Checks | high |
56947 | Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1279-1) | Nessus | Ubuntu Local Security Checks | high |
56927 | RHEL 6 : kernel (RHSA-2011:1465) | Nessus | Red Hat Local Security Checks | critical |
56917 | Ubuntu 11.10 : linux vulnerability (USN-1275-1) | Nessus | Ubuntu Local Security Checks | medium |
56817 | USN-1260-1 : linux-ti-omap4 vulnerability | Nessus | Ubuntu Local Security Checks | low |
56768 | Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1256-1) | Nessus | Ubuntu Local Security Checks | critical |
56747 | Ubuntu 10.04 LTS : linux vulnerabilities (USN-1253-1) | Nessus | Ubuntu Local Security Checks | critical |
56644 | Ubuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1245-1) | Nessus | Ubuntu Local Security Checks | critical |
56643 | USN-1244-1 : linux-ti-omap4 vulnerabilities | Nessus | Ubuntu Local Security Checks | high |
56642 | Ubuntu 10.10 : linux vulnerabilities (USN-1243-1) | Nessus | Ubuntu Local Security Checks | medium |
56641 | Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1242-1) | Nessus | Ubuntu Local Security Checks | medium |
56640 | USN-1241-1 : linux-fsl-imx51 vulnerabilities | Nessus | Ubuntu Local Security Checks | critical |
56639 | Ubuntu 10.04 LTS : linux-mvl-dove vulnerabilities (USN-1240-1) | Nessus | Ubuntu Local Security Checks | critical |
56638 | Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1239-1) | Nessus | Ubuntu Local Security Checks | critical |
56583 | Ubuntu 8.04 LTS : linux vulnerabilities (USN-1236-1) | Nessus | Ubuntu Local Security Checks | high |