CVE - CVE-2011-1011

CVE-ID
CVE-2011-1011	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
FULLDISC:20110222 Developers should not rely on the stickiness of /tmp on Red Hat Linux URL:http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0585.html MLIST:[oss-security] 20110222 CVE Request URL:http://openwall.com/lists/oss-security/2011/02/23/1 MLIST:[oss-security] 20110223 Re: CVE Request URL:http://openwall.com/lists/oss-security/2011/02/23/2 CONFIRM:http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git;a=blob;f=policycoreutils-rhat.patch;h=d4db5bc06027de23d12a4b3f18fa6f9b1517df27;hb=HEAD#l2197 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=633544 FEDORA:FEDORA-2011-3043 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056227.html REDHAT:RHSA-2011:0414 URL:http://www.redhat.com/support/errata/RHSA-2011-0414.html BID:46510 URL:http://www.securityfocus.com/bid/46510 SECTRACK:1025291 URL:http://www.securitytracker.com/id?1025291 SECUNIA:43415 URL:http://secunia.com/advisories/43415 SECUNIA:44034 URL:http://secunia.com/advisories/44034 SECUNIA:43844 URL:http://secunia.com/advisories/43844 VUPEN:ADV-2011-0864 URL:http://www.vupen.com/english/advisories/2011/0864 VUPEN:ADV-2011-0701 URL:http://www.vupen.com/english/advisories/2011/0701 XF:policycoreutils-seunshare-symlink(65641) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/65641
Assigning CNA
N/A
Date Entry Created
20110214	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110214)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org