Executive Summary

Information
Name: CVE-2019-11191
First vendor Publication: 2019-04-11
Vendor: Cve
Last vendor Modification: 2019-05-22

Security-Database Scoring CVSS v2

Cvss vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score: 1.9
Cvss Impact Score: 2.9
Cvss Exploit Score: 3.4
Attack Range: Local
Attack Complexity: Medium
Authentication: None Required

Detail

The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11191

CWE : Common Weakness Enumeration

% | id | Name
100 % | CWE-362 | Race Condition

CPE : Common Platform Enumeration

TypeDescriptionCount
Os3025

Sources (Detail)

Source | Url
BID http://www.securityfocus.com/bid/107887
MISC https://www.openwall.com/lists/oss-security/2019/04/03/4
https://www.openwall.com/lists/oss-security/2019/04/03/4/1
MLIST http://www.openwall.com/lists/oss-security/2019/04/18/5
http://www.openwall.com/lists/oss-security/2019/05/22/7

Alert History

Date | Information
2019-05-23 09:19:33
  • Multiple Updates
2019-05-04 12:08:54
  • Multiple Updates
2019-04-25 00:19:04
  • Multiple Updates
2019-04-23 21:19:17
  • Multiple Updates
2019-04-19 00:19:04
  • Multiple Updates
2019-04-12 17:19:15
  • Multiple Updates
2019-04-12 09:18:47
  • First insertion