Description
The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application.
Published: 2011-02-24
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2011-1028 The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application.
History

No history.

Subscriptions

Redhat Enterprise Linux Fedora Policycoreutils
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-06T22:14:26.827Z

Reserved: 2011-02-14T00:00:00.000Z

Link: CVE-2011-1011

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2011-02-24T21:00:18.253

Modified: 2026-04-29T01:13:23.040

Link: CVE-2011-1011

cve-icon Redhat

Severity : Important

Publid Date: 2011-02-22T00:00:00Z

Links: CVE-2011-1011 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses