Linux Kernel PROC Filesystem Local Information Disclosure Vulnerability

The Linux kernel /proc filesystem is reported susceptible to an information-disclosure vulnerability. This issue is due to a race-condition allowing unauthorized access to potentially sensitive process information.

This vulnerability may allow malicious local users to gain access to potentially sensitive environment variables in other users' processes. Since some programs pass passwords and other sensitive information in environment variables, this may aid a malicious user in further attacks.

Further details are unavailable at this time. This BID will be updated as further analysis is completed.


 

Privacy Statement
Copyright 2010, SecurityFocus