1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
5.3%
The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in
the Linux kernel before 2.6.37, when the Linux Security Modules (LSM)
framework is disabled, allows local users to bypass Integrity Measurement
Architecture (IMA) rules in opportunistic circumstances by leveraging an
administrator’s addition of an IMA rule for LSM.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | linux | < 2.6.32-29.57 | UNKNOWN |
ubuntu | 10.10 | noarch | linux | < 2.6.35-27.47 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-ec2 | < 2.6.32-313.25 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-lts-backport-maverick | < 2.6.35-28.50~lucid1 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-mvl-dove | < 2.6.32-214.30 | UNKNOWN |
ubuntu | 10.10 | noarch | linux-mvl-dove | < 2.6.32-414.30 | UNKNOWN |
ubuntu | 10.10 | noarch | linux-ti-omap4 | < 2.6.35-903.31 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2011-0006
nvd.nist.gov/vuln/detail/CVE-2011-0006
security-tracker.debian.org/tracker/CVE-2011-0006
ubuntu.com/security/notices/USN-1080-1
ubuntu.com/security/notices/USN-1080-2
ubuntu.com/security/notices/USN-1081-1
ubuntu.com/security/notices/USN-1093-1
ubuntu.com/security/notices/USN-1187-1
ubuntu.com/security/notices/USN-1394-1
www.cve.org/CVERecord?id=CVE-2011-0006
www.redhat.com/archives/rhsa-announce/2011-May/msg00008.html