What is the severity of CVE-2011-3151?

CVE-2011-3151 is considered a moderate severity vulnerability due to its potential for exploitation in a world-writable directory.

How do I fix CVE-2011-3151?

To fix CVE-2011-3151, upgrade the SELinux initscript to version 1:0.10 or later.

What systems are affected by CVE-2011-3151?

CVE-2011-3151 affects Ubuntu systems running SELinux initscript versions prior to 1:0.10.

What is the impact of CVE-2011-3151?

The impact of CVE-2011-3151 allows an attacker to create a zero byte file on any writable filesystem if symlink protections are not enabled.

Can CVE-2011-3151 be exploited remotely?

CVE-2011-3151 generally requires local access to the system to exploit, as it involves manipulation of directories and files.

Vulnerability/
CVE-2011-3151

medium

5.9

CWE

693

21/12/2011

6/8/2024

CVE-2011-3151: SELinux initscript misuse of touch

First published: Wed Dec 21 2011(Updated: )

The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
SELinux	<1\:0.10

Remedy

https://launchpadlibrarian.net/88098106/selinux_0.10~10.04.1.debdiff

Never miss a vulnerability like this again

Reference Links

https://launchpadlibrarian.net/88098106/selinux_0.10~10.04.1.debdiff

Frequently Asked Questions

What is the severity of CVE-2011-3151?
CVE-2011-3151 is considered a moderate severity vulnerability due to its potential for exploitation in a world-writable directory.
How do I fix CVE-2011-3151?
To fix CVE-2011-3151, upgrade the SELinux initscript to version 1:0.10 or later.
What systems are affected by CVE-2011-3151?
CVE-2011-3151 affects Ubuntu systems running SELinux initscript versions prior to 1:0.10.
What is the impact of CVE-2011-3151?
The impact of CVE-2011-3151 allows an attacker to create a zero byte file on any writable filesystem if symlink protections are not enabled.
Can CVE-2011-3151 be exploited remotely?
CVE-2011-3151 generally requires local access to the system to exploit, as it involves manipulation of directories and files.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/title
agent/author
agent/severity
agent/weakness
agent/last-modified-date
agent/references
agent/remedy
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/canonical
canonical/selinux

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2011-3151?
CVE-2011-3151 is considered a moderate severity vulnerability due to its potential for exploitation in a world-writable directory.
How do I fix CVE-2011-3151?
To fix CVE-2011-3151, upgrade the SELinux initscript to version 1:0.10 or later.
What systems are affected by CVE-2011-3151?
CVE-2011-3151 affects Ubuntu systems running SELinux initscript versions prior to 1:0.10.
What is the impact of CVE-2011-3151?
The impact of CVE-2011-3151 allows an attacker to create a zero byte file on any writable filesystem if symlink protections are not enabled.
Can CVE-2011-3151 be exploited remotely?
CVE-2011-3151 generally requires local access to the system to exploit, as it involves manipulation of directories and files.