CVE - CVE-2011-1011

CVE-ID
CVE-2011-1011	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:46510 URL:http://www.securityfocus.com/bid/46510 CONFIRM:http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git;a=blob;f=policycoreutils-rhat.patch;h=d4db5bc06027de23d12a4b3f18fa6f9b1517df27;hb=HEAD#l2197 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=633544 FEDORA:FEDORA-2011-3043 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056227.html FULLDISC:20110222 Developers should not rely on the stickiness of /tmp on Red Hat Linux URL:http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0585.html MLIST:[oss-security] 20110222 CVE Request URL:http://openwall.com/lists/oss-security/2011/02/23/1 MLIST:[oss-security] 20110223 Re: CVE Request URL:http://openwall.com/lists/oss-security/2011/02/23/2 REDHAT:RHSA-2011:0414 URL:http://www.redhat.com/support/errata/RHSA-2011-0414.html SECTRACK:1025291 URL:http://www.securitytracker.com/id?1025291 SECUNIA:43415 URL:http://secunia.com/advisories/43415 SECUNIA:43844 URL:http://secunia.com/advisories/43844 SECUNIA:44034 URL:http://secunia.com/advisories/44034 VUPEN:ADV-2011-0701 URL:http://www.vupen.com/english/advisories/2011/0701 VUPEN:ADV-2011-0864 URL:http://www.vupen.com/english/advisories/2011/0864 XF:policycoreutils-seunshare-symlink(65641) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/65641
Assigning CNA
Red Hat, Inc.
Date Entry Created
20110214	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110214)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org