Computer Security Global Security Mag Online anti virus spywares job oofers telecom and network security
- english:
- Product Reviews:
- Business News:
- MAGIC QUADRANT :
- Market News:
- WHITE PAPER:
- Special Reports:
- Interviews:
- Opinion:
- EVENTS:
- Security Vulnerability:
- Malware Update:
- Diary:
- Guide & Podcast:
- Jobs:
- International News:
- CONTACTS:
- TRAINING :
Global Security Magazine Online antivirus
Product Reviews
Business News
MAGIC QUADRANT 
Market News
Special Reports
Opinion
EVENTS
Security Vulnerability
Malware Update
Diary
Guide & Podcast
Jobs
International News
CONTACTS
Flux RSS
| Vigil@nce: Linux kernel, incorrect permissions on devtmpfs |
| February 2010 by Vigil@nce |
| SYNTHESIS OF THE VULNERABILITY On a 2.6.32.x kernel, a local attacker can access to devtmpfs. Severity: 2/4 Consequences: data reading, data creation/edition Provenance: user shell Means of attack: no proof of concept, no attack Ability of attacker: expert (4/4) Confidence: confirmed by the editor (5/5) Diffusion of the vulnerable configuration: high (3/3) Creation date: 01/02/2010 IMPACTED PRODUCTS
DESCRIPTION OF THE VULNERABILITY The devtmpfs filesystem was added in the kernel 2.6.32. It is used to create device nodes, before mounting the / root, and before mounting it to /dev. A vulnerability, related to default access rights to devtmpfs, was announced. Technical details are unknown. On a 2.6.32.x kernel, a local attacker can thus for example directly access to some restricted devices. CHARACTERISTICS Identifiers: CVE-2010-0299, MDVSA-2010:030, SUSE-SA:2010:010, VIGILANCE-VUL-9396 |
< previous next > |
Linux kernel
