| Vulnerability Name: | CVE-2001-0317 (CCN-6080) | ||||||||
| Assigned: | 2001-02-08 | ||||||||
| Published: | 2001-02-08 | ||||||||
| Updated: | 2017-10-10 | ||||||||
| Summary: | Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process. | ||||||||
| CVSS v3 Severity: | 4.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 3.7 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-2001-009.0 security problems in ptrace and sysctl Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-2001-012.0 several security problems in linux kernel Source: CCN Type: Caldera Systems, Inc. Security Advisory CSSA-2001-012.0 several security problems in linux kernel Source: BUGTRAQ Type: Patch, Vendor Advisory 20010213 Trustix Security Advisory - proftpd, kernel Source: CCN Type: BugTraq Mailing List, Tue Feb 13 2001 - 08:19:43 CST Trustix Security Advisory - proftpd, kernel Source: CCN Type: BugTraq Mailing List, Fri Jun 15 2001 - 02:18:15 CDT Re: OpenBSD 2.9,2.8 local root compromise Source: CCN Type: BugTraq Mailing List, Fri Jun 15 2001 - 01:38:03 CDT Re: OpenBSD 2.9,2.8 local root compromise Source: CCN Type: BugTraq Mailing List, Thu Jun 14 2001 - 16:03:17 CDT RE: OpenBSD 2.9,2.8 local root compromise Source: CCN Type: BugTraq Mailing List, Thu Feb 08 2001 - 16:52:02 CST Immunix OS Security update for kernel Source: MITRE Type: CNA CVE-2001-0317 Source: CCN Type: Conectiva Linux Announcement CLSA-2001:394 kernel Source: CCN Type: Immunix OS Security Advisory IMNX-2001-70-010-01 kernel Source: CCN Type: Progeny Linux Systems Security Advisory PROGENY-SA-2001-01A execve()/ptrace() exploit in Linux kernels prior to 2.2.19 Source: CCN Type: RHSA-2001-013 Three security holes fixed in new kernel Source: CCN Type: RHSA-2001-047 Linux kernel 2.2.19 now available Source: CALDERA Type: Patch, Vendor Advisory CSSA-2001-009 Source: CCN Type: CIAC Information Bulletin L-045 Red Hat Linux 'sysctl, ptrace, & mxcsr P4 ' Vulnerability Source: CCN Type: CIAC Information Bulletin L-076 Red Hat Ptrace and Exec Race Conditions Source: DEBIAN Type: DSA-047 kernel -- multiple security problems Source: CCN Type: Georgi Guninski Security Advisory #47 OpenBSD 2.9,2.8 local root compromise Source: CCN Type: US-CERT VU#176888 Linux kernel contains race condition via ptrace/procfs/execve Source: CCN Type: Linux-Mandrake Security Update Advisory MDKSA-2001:037 kernel Source: CCN Type: NetBSD Web site NetBSD Security Advisories Source: CCN Type: OpenBSD Security Fix 007: June 15, 2001 A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process. Source: CCN Type: OSVDB ID: 5843 Multiple Unix Kernel ptrace Track SUID Privilege Escalation Source: REDHAT Type: UNKNOWN RHSA-2001:013 Source: CCN Type: BID-2529 Linux ptrace/execve Race Condition Vulnerability Source: CCN Type: BID-2873 Multiple BSD Vendor exec() Ptrace Race Condition Vulnerability Source: CCN Type: SuSE Security Announcement SuSE-SA:2001:018 kernel Source: CCN Type: Trustix Secure Linux Security Advisory #2001-0003 kernel Source: CCN Type: USSG Indiana University Web Site Linux 2.2.19 Release Notes Source: XF Type: UNKNOWN linux-ptrace-modify-process(6080) Source: XF Type: UNKNOWN linux-ptrace-modify-process(6080) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||