Executive Summary

Information
Name : CVE-2011-4080
First vendor Publication : 2012-05-24
Vendor : Cve
Last vendor Modification : 2012-05-29

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:H/Au:N/C:C/I:N/A:N)
Cvss Base Score : 4
Cvss Impact Score : 6.9
Cvss Exploit Score : 1.9
Attack Range : Local
Attack Complexity : High
Authentication : None Required

Detail

The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kernel before 2.6.39 does not require the CAP_SYS_ADMIN capability to modify the dmesg_restrict value, which allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges, as demonstrated by a root user in a Linux Containers (aka LXC) environment.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4080

CWE : Common Weakness Enumeration

id : CWE-264
Name : Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Type : Os
Description :
Count : 836

Internal Sources (Detail)

Source : Url
CONFIRM :
  http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
  http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b...
  https://github.com/torvalds/linux/commit/bfdc0b497faa82a0ba2f9dddcf109231dd51...
MLIST :
  http://www.openwall.com/lists/oss-security/2011/10/26/10

Alert History

Date : 2013-05-10 23:10:03
Information : Multiple Updates