Executive Summary

Information
Name: CVE-2019-11191
First vendor Publication: 2019-04-11
Vendor: Cve
Last vendor Modification: 2019-06-17

Security-Database Scoring CVSS v3

Cvss vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Overall CVSS Score: 2.5
Base Score: 2.5
Environmental Score: 2.5
Impact Sub Score: 1.4
Temporal Score: 2.5
Exploitability Sub Score: 1
 
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: None
Availability Impact: None

Security-Database Scoring CVSS v2

Cvss vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score: 1.9
Attack Range: Local
Cvss Impact Score: 2.9
Attack Complexity: Medium
Cvss Exploit Score: 3.4
Authentication: None Required

Detail

** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11191

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-362 Race Condition

CPE : Common Platform Enumeration

Type Description Count
Os 3270

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/107887
MISC https://www.openwall.com/lists/oss-security/2019/04/03/4
MISC https://www.openwall.com/lists/oss-security/2019/04/03/4/1
MLIST http://www.openwall.com/lists/oss-security/2019/04/18/5
MLIST http://www.openwall.com/lists/oss-security/2019/05/22/7
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
UBUNTU https://usn.ubuntu.com/4006-1/
UBUNTU https://usn.ubuntu.com/4006-2/
UBUNTU https://usn.ubuntu.com/4007-1/
UBUNTU https://usn.ubuntu.com/4007-2/
UBUNTU https://usn.ubuntu.com/4008-1/
UBUNTU https://usn.ubuntu.com/4008-3/

Alert History

Date Information
2020-08-11 12:23:47
  • Multiple Updates
2020-08-08 01:23:36
  • Multiple Updates
2020-08-07 12:24:03
  • Multiple Updates
2020-08-07 01:24:47
  • Multiple Updates
2020-08-01 12:23:40
  • Multiple Updates
2020-07-30 01:24:27
  • Multiple Updates
2020-05-24 01:27:14
  • Multiple Updates
2020-05-23 02:21:29
  • Multiple Updates
2019-09-12 12:10:52
  • Multiple Updates
2019-08-06 12:03:42
  • Multiple Updates
2019-07-02 15:39:59
  • Multiple Updates
2019-06-21 12:09:48
  • Multiple Updates
2019-06-19 12:10:02
  • Multiple Updates
2019-06-18 12:09:51
  • Multiple Updates
2019-06-15 00:19:12
  • Multiple Updates
2019-06-07 13:19:18
  • Multiple Updates
2019-06-05 09:19:22
  • Multiple Updates
2019-05-23 09:19:33
  • Multiple Updates
2019-05-04 12:08:54
  • Multiple Updates
2019-04-25 00:19:04
  • Multiple Updates
2019-04-23 21:19:17
  • Multiple Updates
2019-04-19 00:19:04
  • Multiple Updates
2019-04-12 17:19:15
  • Multiple Updates
2019-04-12 09:18:47
  • First insertion