vendor:
Enterprise Linux
by:
Spender
7,2
CVSS
HIGH
SELinux Bypass
264
CWE
Product Name: Enterprise Linux
Affected Version From: 2.4
Affected Version To: 2.6
Patch Exists: YES
Related CWE: CVE-2009-2692
CPE: o:redhat:enterprise_linux
Metasploit:
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1233/, https://www.rapid7.com/db/vulnerabilities/vmsa-2009-0016-5-updated-service-console-package-kernel-cve-2009-2692/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-2692/, https://www.rapid7.com/db/vulnerabilities/vmsa-2010-0010-cve-2009-2692/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1239/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2009-2692/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1457/
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2009
Red Hat SELinux Vulnerability
This exploit is related to a vulnerability in Red Hat SELinux which allows an attacker to bypass the security policy and gain root access. The exploit was discovered by Julien Tinnes and Tavis Ormandy and was patched by Linus Torvalds in 2009. The exploit is based on a 8 year old vulnerability.
Mitigation:
The vulnerability can be mitigated by applying the patch released by Linus Torvalds in 2009.