CVE-2011-1011

Severity: Unknown | EPSS: 0.37%

CVE-2011-1011 is a vulnerability of currently unknown severity. The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application. EPSS estimates a 0.37% chance of exploitation in the next 30 days.

Description

The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application.

Metrics

EPSS Probability: 0.37% (28.5th percentile)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor   Product          Versions
Redhat   Policycoreutils  <= 2.0.83
Redhat   Policycoreutils  1.0
Redhat   Policycoreutils  1.1
Redhat   Policycoreutils  1.2
Redhat   Policycoreutils  1.4
Redhat   Policycoreutils  1.6
Redhat   Policycoreutils  1.8
Redhat   Policycoreutils  1.10
Redhat   Policycoreutils  1.12
Redhat   Policycoreutils  1.14
Redhat   Policycoreutils  1.16
Redhat   Policycoreutils  1.18
Redhat   Policycoreutils  1.20
Redhat   Policycoreutils  1.21.1
Redhat   Policycoreutils  1.21.2
Redhat   Policycoreutils  1.21.3
Redhat   Policycoreutils  1.21.4
Redhat   Policycoreutils  1.21.5
Redhat   Policycoreutils  1.21.6
Redhat   Policycoreutils  1.21.7
Redhat   Policycoreutils  1.21.8
Redhat   Policycoreutils  1.21.9
Redhat   Policycoreutils  1.21.10
Redhat   Policycoreutils  1.21.11
Redhat   Policycoreutils  1.21.12
Redhat   Policycoreutils  1.21.13
Redhat   Policycoreutils  1.21.14
Redhat   Policycoreutils  1.21.15
Redhat   Policycoreutils  1.21.16
Redhat   Policycoreutils  1.21.17
Redhat   Policycoreutils  1.21.18
Redhat   Policycoreutils  1.21.19
Redhat   Policycoreutils  1.21.20
Redhat   Policycoreutils  1.21.21
Redhat   Policycoreutils  1.21.22
Redhat   Policycoreutils  1.22
Redhat   Policycoreutils  1.23.1
Redhat   Policycoreutils  1.23.2
Redhat   Policycoreutils  1.23.3
Redhat   Policycoreutils  1.23.4
Redhat   Policycoreutils  1.23.5
Redhat   Policycoreutils  1.23.6
Redhat   Policycoreutils  1.23.7
Redhat   Policycoreutils  1.23.8
Redhat   Policycoreutils  1.23.9
Redhat   Policycoreutils  1.23.10
Redhat   Policycoreutils  1.23.11
Redhat   Policycoreutils  1.24
Redhat   Policycoreutils  1.25.1
Redhat   Policycoreutils  1.25.2

Showing 50 of 270 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2011-1011?
The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application.
How severe is CVE-2011-1011?
Severity scoring for CVE-2011-1011 is pending analysis. The EPSS model estimates a 0.37% probability of exploitation in the next 30 days.
How do I fix CVE-2011-1011?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST