OpenCVE

The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux Fedora Policycoreutils

Configuration 1 [-]

AND

OR	cpe:2.3:a:redhat:policycoreutils::::::::
	cpe:2.3:a:redhat:policycoreutils:1.0:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.1:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.2:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.4:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.6:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.8:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.10:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.12:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.14:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.16:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.18:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.20:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.1:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.2:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.3:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.4:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.5:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.6:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.7:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.8:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.9:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.10:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.11:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.12:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.13:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.14:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.15:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.16:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.17:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.18:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.19:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.20:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.21:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.21.22:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.22:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.23.1:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.23.2:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.23.3:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.23.4:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.23.5:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.23.6:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.23.7:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.23.8:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.23.9:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.23.10:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.23.11:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.24:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.25.1:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.25.2:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.25.3:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.25.4:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.25.5:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.25.6:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.25.7:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.25.8:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.25.9:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.26:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.27.1:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.27.2:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.27.3:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.27.4:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.27.5:::::::*
	cpe:2.3:a:redhat:policycoreutils:1.27.6:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.7:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.8:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.9:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.10:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.11:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.12:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.13:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.14:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.15:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.16:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.17:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.18:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.19:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.20:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.21:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.22:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.23:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.24:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.25:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.26:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.27:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.28:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.29:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.30:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.31:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.32:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.33:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.34:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.35:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.36:::::::*
cpe:2.3:a:redhat:policycoreutils:1.27.37:::::::*
cpe:2.3:a:redhat:policycoreutils:1.28:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.1:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.2:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.3:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.4:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.5:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.6:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.7:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.8:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.9:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.10:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.11:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.12:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.13:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.14:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.15:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.16:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.17:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.18:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.19:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.20:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.21:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.22:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.23:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.24:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.25:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.26:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.27:::::::*
cpe:2.3:a:redhat:policycoreutils:1.29.28:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.1:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.2:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.3:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.4:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.5:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.6:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.7:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.8:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.9:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.10:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.11:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.12:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.13:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.14:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.15:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.16:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.17:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.18:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.19:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.20:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.21:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.22:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.23:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.24:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.25:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.26:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.27:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.28:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.29:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.30:::::::*
cpe:2.3:a:redhat:policycoreutils:1.30.31:::::::*
cpe:2.3:a:redhat:policycoreutils:1.32:::::::*
cpe:2.3:a:redhat:policycoreutils:1.33.1:::::::*
cpe:2.3:a:redhat:policycoreutils:1.33.2:::::::*
cpe:2.3:a:redhat:policycoreutils:1.33.3:::::::*
cpe:2.3:a:redhat:policycoreutils:1.33.4:::::::*
cpe:2.3:a:redhat:policycoreutils:1.33.5:::::::*
cpe:2.3:a:redhat:policycoreutils:1.33.6:::::::*
cpe:2.3:a:redhat:policycoreutils:1.33.7:::::::*
cpe:2.3:a:redhat:policycoreutils:1.33.8:::::::*
cpe:2.3:a:redhat:policycoreutils:1.33.9:::::::*
cpe:2.3:a:redhat:policycoreutils:1.33.10:::::::*
cpe:2.3:a:redhat:policycoreutils:1.33.11:::::::*
cpe:2.3:a:redhat:policycoreutils:1.33.12:::::::*
cpe:2.3:a:redhat:policycoreutils:1.33.13:::::::*
cpe:2.3:a:redhat:policycoreutils:1.33.14:::::::*
cpe:2.3:a:redhat:policycoreutils:1.33.15:::::::*
cpe:2.3:a:redhat:policycoreutils:1.33.16:::::::*
cpe:2.3:a:redhat:policycoreutils:1.34.0:::::::*
cpe:2.3:a:redhat:policycoreutils:1.34.1:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.0:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.1:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.2:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.3:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.4:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.5:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.6:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.7:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.8:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.9:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.10:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.11:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.12:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.13:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.14:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.15:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.16:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.17:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.18:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.19:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.20:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.21:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.22:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.23:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.24:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.25:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.26:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.27:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.28:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.29:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.30:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.31:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.32:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.33:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.34:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.35:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.36:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.37:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.38:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.39:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.40:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.41:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.42:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.43:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.44:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.45:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.46:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.47:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.48:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.49:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.50:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.51:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.52:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.53:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.54:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.55:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.56:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.57:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.58:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.59:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.60:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.61:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.62:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.63:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.64:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.65:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.66:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.67:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.68:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.69:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.70:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.71:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.72:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.73:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.74:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.75:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.76:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.77:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.78:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.79:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.80:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.81:::::::*
cpe:2.3:a:redhat:policycoreutils:2.0.82:::::::*

OR	cpe:2.3:o:redhat:enterprise_linux:3:::::::*
	cpe:2.3:o:redhat:enterprise_linux:4:::::::*
	cpe:2.3:o:redhat:enterprise_linux:5:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:fedora:6:::::::*
	cpe:2.3:o:redhat:fedora:7:::::::*
	cpe:2.3:o:redhat:fedora:8:::::::*
	cpe:2.3:o:redhat:fedora:9:::::::*
	cpe:2.3:o:redhat:fedora:10:::::::*
	cpe:2.3:o:redhat:fedora:12:::::::*
	cpe:2.3:o:redhat:fedora:13:::::::*
	cpe:2.3:o:redhat:fedora:14:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
policycoreutils-0:2.0.83-19.8.el6_0	cpe:/o:redhat:enterprise_linux:6	RHSA-2011:0414	2011-04-04T00:00:00Z
selinux-policy-0:3.7.19-54.el6_0.5	cpe:/o:redhat:enterprise_linux:6	RHSA-2011:0414	2011-04-04T00:00:00Z

References

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0585.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056227.html
http://openwall.com/lists/oss-security/2011/02/23/1
http://openwall.com/lists/oss-security/2011/02/23/2
http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git%3Ba=blob%3Bf=policycoreutils-rhat.patch%3Bh=d4db5bc06027de23d12a4b3f18fa6f9b1517df27%3Bhb=HEAD#l2197
http://secunia.com/advisories/43415
http://secunia.com/advisories/43844
http://secunia.com/advisories/44034
http://www.redhat.com/support/errata/RHSA-2011-0414.html
http://www.securityfocus.com/bid/46510
http://www.securitytracker.com/id?1025291
http://www.vupen.com/english/advisories/2011/0701
http://www.vupen.com/english/advisories/2011/0864
https://bugzilla.redhat.com/show_bug.cgi?id=633544
https://exchange.xforce.ibmcloud.com/vulnerabilities/65641
https://nvd.nist.gov/vuln/detail/CVE-2011-1011
https://www.cve.org/CVERecord?id=CVE-2011-1011

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-02-24T20:00:00

Updated: 2024-08-06T22:14:26.827Z

Reserved: 2011-02-14T00:00:00

Link: CVE-2011-1011

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-02-24T21:00:18.253

Modified: 2024-11-21T01:25:19.537

Link: CVE-2011-1011

Redhat

Severity : Important

Publid Date: 2011-02-22T00:00:00Z

Links: CVE-2011-1011 - Bugzilla

Metrics

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object