CVE-2011-2494

LOW

Description

kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1a51410abe7d0ee4b1d112780f46df87d3621043

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html

http://secunia.com/advisories/48898

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1

http://www.openwall.com/lists/oss-security/2011/06/27/1

https://bugzilla.redhat.com/show_bug.cgi?id=716842

https://github.com/torvalds/linux/commit/1a51410abe7d0ee4b1d112780f46df87d3621043

Details

Source: MITRE

Published: 2012-06-13

Updated: 2017-12-29

Type: CWE-200

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 3.0.34 (inclusive)

Tenable Plugins

34 total

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 83618 | SUSE SLES10 Security Update : kernel (SUSE-SU-2014:0536-1) | Nessus | SuSE Local Security Checks | medium |
| 83603 | SUSE SLES10 Security Update : kernel (SUSE-SU-2013:1832-1) | Nessus | SuSE Local Security Checks | high |
| 83563 | SUSE SLED10 / SLES10 Security Update : kernel (SUSE-SU-2012:1391-1) | Nessus | SuSE Local Security Checks | high |
| 76635 | RHEL 6 : MRG (RHSA-2012:0010) | Nessus | Red Hat Local Security Checks | critical |
| 69585 | Amazon Linux AMI : kernel (ALAS-2011-26) | Nessus | Amazon Linux Local Security Checks | critical |
| 68424 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2033) | Nessus | Oracle Linux Local Security Checks | critical |
| 68394 | Oracle Linux 5 : kernel (ELSA-2011-1479) | Nessus | Oracle Linux Local Security Checks | high |
| 68393 | Oracle Linux 6 : kernel (ELSA-2011-1465) | Nessus | Oracle Linux Local Security Checks | critical |
| 67086 | CentOS 5 : kernel (CESA-2011:1479) | Nessus | CentOS Local Security Checks | high |
| 62676 | SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 8325) | Nessus | SuSE Local Security Checks | high |
| 62675 | SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 8324) | Nessus | SuSE Local Security Checks | high |
| 61181 | Scientific Linux Security Update : kernel on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 61179 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 58845 | SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6163 / 6164 / 6172) | Nessus | SuSE Local Security Checks | critical |
| 57854 | SuSE 11.1 Security Update : Linux kernel (SAT Patch Number 5732) | Nessus | SuSE Local Security Checks | high |
| 57853 | SuSE 11.1 Security Update : Linux Kernel (SAT Patch Numbers 5723 / 5725) | Nessus | SuSE Local Security Checks | high |
| 57058 | Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1294-1) | Nessus | Ubuntu Local Security Checks | high |
| 56978 | Ubuntu 11.04 : linux vulnerabilities (USN-1285-1) | Nessus | Ubuntu Local Security Checks | high |
| 56974 | RHEL 5 : kernel (RHSA-2011:1479) | Nessus | Red Hat Local Security Checks | high |
| 56949 | USN-1281-1 : linux-ti-omap4 vulnerabilities | Nessus | Ubuntu Local Security Checks | high |
| 56947 | Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1279-1) | Nessus | Ubuntu Local Security Checks | high |
| 56927 | RHEL 6 : kernel (RHSA-2011:1465) | Nessus | Red Hat Local Security Checks | critical |
| 56917 | Ubuntu 11.10 : linux vulnerability (USN-1275-1) | Nessus | Ubuntu Local Security Checks | medium |
| 56817 | USN-1260-1 : linux-ti-omap4 vulnerability | Nessus | Ubuntu Local Security Checks | low |
| 56768 | Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1256-1) | Nessus | Ubuntu Local Security Checks | critical |
| 56747 | Ubuntu 10.04 LTS : linux vulnerabilities (USN-1253-1) | Nessus | Ubuntu Local Security Checks | critical |
| 56644 | Ubuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1245-1) | Nessus | Ubuntu Local Security Checks | critical |
| 56643 | USN-1244-1 : linux-ti-omap4 vulnerabilities | Nessus | Ubuntu Local Security Checks | high |
| 56642 | Ubuntu 10.10 : linux vulnerabilities (USN-1243-1) | Nessus | Ubuntu Local Security Checks | medium |
| 56641 | Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1242-1) | Nessus | Ubuntu Local Security Checks | medium |
| 56640 | USN-1241-1 : linux-fsl-imx51 vulnerabilities | Nessus | Ubuntu Local Security Checks | critical |
| 56639 | Ubuntu 10.04 LTS : linux-mvl-dove vulnerabilities (USN-1240-1) | Nessus | Ubuntu Local Security Checks | critical |
| 56638 | Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1239-1) | Nessus | Ubuntu Local Security Checks | critical |
| 56583 | Ubuntu 8.04 LTS : linux vulnerabilities (USN-1236-1) | Nessus | Ubuntu Local Security Checks | medium |