CVE-2011-0006

Severity

19%

Complexity

34%

Confidentiality

48%

The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's addition of an IMA rule for LSM.

The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's addition of an IMA rule for LSM.

CVSS 2.0 Base Score 1.9. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:N).

Overview

First reported 12 years ago

2012-06-21 23:55:00

Last updated 12 years ago

2012-06-26 04:00:00

Affected Software

Linux Kernel 2.6.36.1

2.6.36.1

Linux Kernel 2.6.36.2

2.6.36.2

Linux Kernel 2.6.36.3

2.6.36.3

Linux Kernel

References

http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=867c20265459d30a01b021a9c1e81fb4c5832aa9

Patch

[oss-security] 20110106 Re: CVE Request: kernel [Re: Security review of 2.6.32.28]

https://bugzilla.redhat.com/show_bug.cgi?id=667912

https://github.com/torvalds/linux/commit/867c20265459d30a01b021a9c1e81fb4c5832aa9

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.