First published: Mon Jun 27 2011(Updated: )
kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/linux-2.6 | ||
Linux kernel | =3.0.25 | |
Linux kernel | =3.0.22 | |
Linux kernel | =3.0.5 | |
Linux kernel | =3.0.18 | |
Linux kernel | =3.0.6 | |
Linux kernel | =3.0.11 | |
Linux kernel | =3.0.32 | |
Linux kernel | =3.0.19 | |
Linux kernel | =3.0.4 | |
Linux kernel | =3.0.27 | |
Linux kernel | =3.0.23 | |
Linux kernel | =3.0.8 | |
Linux kernel | =3.0.33 | |
Linux kernel | =3.0.28 | |
Linux kernel | =3.0.13 | |
Linux kernel | =3.0.10 | |
Linux kernel | =3.0.1 | |
Linux kernel | =3.0.17 | |
Linux kernel | =3.0.16 | |
Linux kernel | =3.0.21 | |
Linux kernel | =3.0.7 | |
Linux kernel | =3.0.20 | |
Linux kernel | =3.0.24 | |
Linux kernel | =3.0.15 | |
Linux kernel | =3.0.2 | |
Linux kernel | <=3.0.34 | |
Linux kernel | =3.0.12 | |
Linux kernel | =3.0.3 | |
Linux kernel | =3.0.9 | |
Linux kernel | =3.0.26 | |
Linux kernel | =3.0.30 | |
Linux kernel | =3.0.31 | |
Linux kernel | =3.0.29 | |
Linux kernel | =3.0.14 | |
Linux Kernel | <=3.0.34 | |
Linux Kernel | =3.0.1 | |
Linux Kernel | =3.0.2 | |
Linux Kernel | =3.0.3 | |
Linux Kernel | =3.0.4 | |
Linux Kernel | =3.0.5 | |
Linux Kernel | =3.0.6 | |
Linux Kernel | =3.0.7 | |
Linux Kernel | =3.0.8 | |
Linux Kernel | =3.0.9 | |
Linux Kernel | =3.0.10 | |
Linux Kernel | =3.0.11 | |
Linux Kernel | =3.0.12 | |
Linux Kernel | =3.0.13 | |
Linux Kernel | =3.0.14 | |
Linux Kernel | =3.0.15 | |
Linux Kernel | =3.0.16 | |
Linux Kernel | =3.0.17 | |
Linux Kernel | =3.0.18 | |
Linux Kernel | =3.0.19 | |
Linux Kernel | =3.0.20 | |
Linux Kernel | =3.0.21 | |
Linux Kernel | =3.0.22 | |
Linux Kernel | =3.0.23 | |
Linux Kernel | =3.0.24 | |
Linux Kernel | =3.0.25 | |
Linux Kernel | =3.0.26 | |
Linux Kernel | =3.0.27 | |
Linux Kernel | =3.0.28 | |
Linux Kernel | =3.0.29 | |
Linux Kernel | =3.0.30 | |
Linux Kernel | =3.0.31 | |
Linux Kernel | =3.0.32 | |
Linux Kernel | =3.0.33 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2011-2494 has a moderate severity rating as it allows local users to obtain sensitive information.
To fix CVE-2011-2494, upgrade your Linux kernel to version 3.1 or later.
CVE-2011-2494 affects local users of versions of the Linux kernel prior to 3.1.
CVE-2011-2494 can be exploited to disclose sensitive I/O statistics, including potentially discovering user passwords.
CVE-2011-2494 was discovered and reported in June 2011.