CVE-2011-1020

Linux Kernel < 2.6.37 - Unauthorized Information Exposure via Proc Filesystem

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1020. PoCs published by halfdog.

AI-analyzed exploit summary This exploit leverages a Linux kernel bug (CVE-2011-1020) to retain access to /proc entries of a process after it executes a SUID binary, allowing information disclosure or modification of process settings. The PoC includes scripts to monitor syscalls, stack, limits, and modify core dump flags of privileged processes.

Description

The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.

Exploits (1)

exploitdb WORKING POC

by halfdog · textlocallinux

https://www.exploit-db.com/exploits/41770

View Code ZIP pw:eip

This exploit leverages a Linux kernel bug (CVE-2011-1020) to retain access to /proc entries of a process after it executes a SUID binary, allowing information disclosure or modification of process settings. The PoC includes scripts to monitor syscalls, stack, limits, and modify core dump flags of privileged processes.

Classification

Working Poc 90%

Attack Type

Info Leak | Lpe

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel 2.6.32-27-generic (Ubuntu Lucid)

No auth needed

Prerequisites: Access to a vulnerable Linux system · Ability to execute SUID binaries

MITRE ATT&CK