Executive Summary

Informations
NameCVE-2019-11191First vendor Publication2019-04-11
VendorCveLast vendor Modification2019-06-17

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score1.9Attack RangeLocal
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score3.4AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11191

CWE : Common Weakness Enumeration

%idName
100 %CWE-362Race Condition

CPE : Common Platform Enumeration

TypeDescriptionCount
Os3226

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/107887
MISC https://www.openwall.com/lists/oss-security/2019/04/03/4
https://www.openwall.com/lists/oss-security/2019/04/03/4/1
MLIST http://www.openwall.com/lists/oss-security/2019/04/18/5
http://www.openwall.com/lists/oss-security/2019/05/22/7
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
UBUNTU https://usn.ubuntu.com/4006-1/
https://usn.ubuntu.com/4006-2/
https://usn.ubuntu.com/4007-1/
https://usn.ubuntu.com/4007-2/
https://usn.ubuntu.com/4008-1/
https://usn.ubuntu.com/4008-3/

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
DateInformations
2019-07-02 15:39:59
  • Multiple Updates
2019-06-21 12:09:48
  • Multiple Updates
2019-06-19 12:10:02
  • Multiple Updates
2019-06-18 12:09:51
  • Multiple Updates
2019-06-15 00:19:12
  • Multiple Updates
2019-06-07 13:19:18
  • Multiple Updates
2019-06-05 09:19:22
  • Multiple Updates
2019-05-23 09:19:33
  • Multiple Updates
2019-05-04 12:08:54
  • Multiple Updates
2019-04-25 00:19:04
  • Multiple Updates
2019-04-23 21:19:17
  • Multiple Updates
2019-04-19 00:19:04
  • Multiple Updates
2019-04-12 17:19:15
  • Multiple Updates
2019-04-12 09:18:47
  • First insertion