vendor:
Linux Kernel
by:
Jamie Lokier
7.2
CVSS
HIGH
Permission Model Under /proc/PID/fd
264
CWE
Product Name: Linux Kernel
Affected Version From: 2.6.32-rc3
Affected Version To: 2.6.32-rc3
Patch Exists: NO
Related CWE: N/A
CPE: o:linux:linux_kernel
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2009
Linux /proc Security Hole
A security hole exists in the current permission model under /proc/PID/fd, which allows a user to work around directory permissions in the background using the /proc filesystem.
Mitigation:
Ensure that all files and directories have the correct permissions set and that no user can access files or directories they should not be able to.