REDHAT-BUG-716825: Infoleak

First published: Mon Jun 27 2011(Updated: )

/proc/PID/io may be used for gathering private information. E.g. for openssh and vsftpd daemons wchars/rchars may be used to learn the precise password length. [0/2] restrict statistics information to user <a href="https://lkml.org/lkml/2011/6/24/88">https://lkml.org/lkml/2011/6/24/88</a> [1/2] proc: restrict access to /proc/PID/io (<a href="https://access.redhat.com/security/cve/CVE-2011-2495">CVE-2011-2495</a>) <a href="https://patchwork.kernel.org/patch/916032/">https://patchwork.kernel.org/patch/916032/</a> [2/2] taskstats: restrict access to user (<a href="https://access.redhat.com/security/cve/CVE-2011-2494">CVE-2011-2494</a>) <a href="https://patchwork.kernel.org/patch/916042/">https://patchwork.kernel.org/patch/916042/</a> taskstats authorized_keys presence infoleak PoC <a href="http://seclists.org/oss-sec/2011/q2/659">http://seclists.org/oss-sec/2011/q2/659</a> Acknowledgements: Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• agent/first-publish-date
• agent/last-modified-date
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2011-2495
• agent/source
• agent/severity
• agent/weakness
• agent/references
• agent/description
• agent/event
• agent/softwarecombine
• agent/tags
• agent/guess-ai
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• vendor/openssh
• canonical/gsi openssh
• vendor/vsftpd
• canonical/vsftpd