Vulnerability Name:

CVE-2001-1384 (CCN-7311)

Assigned:2001-10-18
Published:2001-10-18
Updated:2016-10-18
Summary:ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows local users to gain root privileges by running ptrace on a setuid or setgid program that itself calls an unprivileged program, such as newgrp.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CALDERA
Type: UNKNOWN
CSSA-2001-036.0

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2001-036.0
Linux - several linux kernel security problems

Source: CCN
Type: BugTraq Mailing List, Thu Oct 18 2001 - 12:35:40 CDT
Flaws in recent Linux kernels

Source: CCN
Type: Immunix OS Security Advisory IMNX-2001-70-035-01
kernel-2.2.19

Source: MITRE
Type: CNA
CVE-2001-1384

Source: CCN
Type: Conectiva Linux Announcement CLSA-2001:432
kernel

Source: IMMUNIX
Type: UNKNOWN
IMNX-2001-70-035-01

Source: CCN
Type: EnGarde Secure Linux Security Advisory ESA-20011019-02
kernel

Source: BUGTRAQ
Type: UNKNOWN
20011018 Flaws in recent Linux kernels

Source: BUGTRAQ
Type: UNKNOWN
20011019 TSLSA-2001-0028

Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBTL0112-003
Security vulnerabilities in the kernel

Source: HP
Type: UNKNOWN
HPSBTL0112-003

Source: CCN
Type: RHSA-2001-129-7.2
New kernel 2.4 packages are available for Red Hat 7.2

Source: CCN
Type: RHSA-2001-129
New kernel 2.4 packages are available

Source: CCN
Type: RHSA-2001-130
New kernel 2.2 packages are available

Source: XF
Type: Patch, Vendor Advisory
linux-ptrace-race-condition(7311)

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2001:079

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2001:082

Source: ENGARDE
Type: Patch, Vendor Advisory
ESA-20011019-02

Source: SUSE
Type: UNKNOWN
SuSE-SA:2001:036

Source: CCN
Type: OSVDB ID: 12014
Linux Kernel ptrace Race Privilege Escalation

Source: REDHAT
Type: UNKNOWN
RHSA-2001:129

Source: REDHAT
Type: UNKNOWN
RHSA-2001:130

Source: BID
Type: UNKNOWN
3447

Source: CCN
Type: BID-3447
Linux Ptrace/Setuid Exec Vulnerability

Source: CCN
Type: BID-5466
HP Secure OS For Linux PTrace / IOCTL Unauthorized Process Access Vulnerability

Source: CCN
Type: SuSE Security Announcement SuSE-SA:2001:036
kernel

Source: CCN
Type: Trustix Secure Linux Security Advisory TSLSA-2001-0028
kernel

Source: XF
Type: UNKNOWN
linux-ptrace-race-condition(7311)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:linux:linux_kernel:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.4:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.9:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.11:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.12:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.13:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.14:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.15:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.16:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.17:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.18:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.19:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.3:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.3:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.19:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.14:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.9:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.11:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.12:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.13:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.15:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.16:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.17:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.18:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.4:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.01:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:prg_graficos:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:ecommerce:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:hp:secure_os:1.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    linux linux kernel 2.2.0
    linux linux kernel 2.2.1
    linux linux kernel 2.2.2
    linux linux kernel 2.2.3
    linux linux kernel 2.2.4
    linux linux kernel 2.2.5
    linux linux kernel 2.2.6
    linux linux kernel 2.2.7
    linux linux kernel 2.2.8
    linux linux kernel 2.2.9
    linux linux kernel 2.2.10
    linux linux kernel 2.2.11
    linux linux kernel 2.2.12
    linux linux kernel 2.2.13
    linux linux kernel 2.2.14
    linux linux kernel 2.2.15
    linux linux kernel 2.2.16
    linux linux kernel 2.2.17
    linux linux kernel 2.2.18
    linux linux kernel 2.2.19
    linux linux kernel 2.4.2
    linux linux kernel 2.4.3
    linux linux kernel 2.4.7
    linux linux kernel 2.4.8
    linux linux kernel 2.4.9
    linux linux kernel 2.4.10
    linux linux kernel 2.2.0
    linux linux kernel 2.2.1
    linux linux kernel 2.4.3
    linux linux kernel 2.4.7
    linux linux kernel 2.2.5
    linux linux kernel 2.2.19
    linux linux kernel 2.2.14
    linux linux kernel 2.4.10
    linux linux kernel 2.4.2
    linux linux kernel 2.4.8
    linux linux kernel 2.4.9
    linux linux kernel 2.2.2
    linux linux kernel 2.2.3
    linux linux kernel 2.2.7
    linux linux kernel 2.2.8
    linux linux kernel 2.2.9
    linux linux kernel 2.2.10
    linux linux kernel 2.2.11
    linux linux kernel 2.2.12
    linux linux kernel 2.2.13
    linux linux kernel 2.2.15
    linux linux kernel 2.2.16
    linux linux kernel 2.2.17
    linux linux kernel 2.2.18
    linux linux kernel 2.2.4
    linux linux kernel 2.2.6
    redhat linux 6.2
    suse suse linux 6.3
    suse suse linux 6.4
    mandrakesoft mandrake linux 7.1
    trustix secure linux 1.1
    redhat linux 7
    mandrakesoft mandrake linux 7.2
    suse suse linux 7.0
    conectiva linux 6.0
    mandrakesoft mandrake linux corporate server 1.0.1
    suse suse linux 7.1
    redhat linux 7.1
    trustix secure linux 1.01
    trustix secure linux 1.2
    mandrakesoft mandrake linux 8.0
    conectiva linux 5.0
    conectiva linux prg_graficos
    conectiva linux ecommerce
    conectiva linux 5.1
    mandrakesoft mandrake single network firewall 7.2
    suse suse linux 7.2
    conectiva linux 7.0
    trustix secure linux 1.5
    mandrakesoft mandrake linux 8.1
    redhat linux 7.2
    hp secure os 1.0
    suse suse linux 7.3
    redhat linux 7.3