Vulnerability Name: | CVE-2011-1011 (CCN-65641) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Assigned: | 2011-02-22 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Published: | 2011-02-22 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Updated: | 2023-02-13 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Summary: | The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.0 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
2.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)
6.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | File Manipulation | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
References: | Source: CCN Type: Full-Disclosure Mailing List, Tue Feb 22 2011 Developers should not rely on the stickiness of /tmp on Red Hat Linux Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: MITRE Type: CNA CVE-2011-1011 Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: RHSA-2011-0414 Important: policycoreutils security update Source: CCN Type: SA43415 policycoreutils seunshare Temporary Directory Security Bypass Weakness Source: CCN Type: SELinux Web site policycoreutils Source: CCN Type: OSVDB ID: 72541 Red Hat Linux policycoreutils seunshare sandbox/seunshare.c seunshare_mount Function /tmp Sticky Bit Manipulation Local Privilege Escalation Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: BID-46510 policycoreutils 'seunshare' Insecure Temporary Directory Creation Vulnerability Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: Red Hat Bugzilla Bug 633544 CVE-2011-1011 policycoreutils: insecure temporary directory handling in seunshare Source: secalert@redhat.com Type: Patch secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: XF Type: UNKNOWN policycoreutils-seunshare-symlink(65641) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration RedHat 1:![]() | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
BACK |