Linux Kernel 'tpm_read()' Information Disclosure Vulnerability
BID:50764
Info
Linux Kernel 'tpm_read()' Information Disclosure Vulnerability
| Bugtraq ID: | 50764 |
| Class: | Design Error |
| CVE: |
CVE-2011-1162 |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 22 2011 12:00AM |
| Updated: | Dec 27 2013 12:18AM |
| Credit: | Peter Huewe |
| Vulnerable: |
Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.10 powerpc Ubuntu Ubuntu Linux 10.10 i386 Ubuntu Ubuntu Linux 10.10 ARM Ubuntu Ubuntu Linux 10.10 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 Red Hat MRG Realtime for RHEL 6 Server 2 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node 6 Red Hat Enterprise Linux Desktop 6 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux 5 Server Oracle Enterprise Linux 6 Oracle Enterprise Linux 5 OpenVZ Project OpenVZ 042stab039.10 OpenVZ Project OpenVZ 042stab037.1 OpenVZ Project OpenVZ 028stab095.1 OpenVZ Project OpenVZ 028stab092.2 OpenVZ Project OpenVZ 028stab091.1 OpenVZ Project OpenVZ 028stab089.1 OpenVZ Project OpenVZ 028stab085.2 OpenVZ Project OpenVZ 028stab081.1 OpenVZ Project OpenVZ 023stab054.1 OpenVZ Project OpenVZ 023stab053.2 Linux kernel 2.6.36 Linux kernel 2.6.35 Linux kernel 2.6.34 Linux kernel 2.6.33 .1 Linux kernel 2.6.33 Linux kernel 2.6.32 .9 Linux kernel 2.6.32 Linux kernel 2.6.31 5 Linux kernel 2.6.31 13 Linux kernel 2.6.31 .2 Linux kernel 2.6.31 .11 Linux kernel 2.6.31 -rc7 Linux kernel 2.6.31 -rc6 Linux kernel 2.6.31 -rc3 Linux kernel 2.6.31 -rc1 Linux kernel 2.6.31 Linux kernel 2.6.30 .10 Linux kernel 2.6.30 .1 Linux kernel 2.6.30 -rc6 Linux kernel 2.6.30 -rc5 Linux kernel 2.6.30 -rc3 Linux kernel 2.6.30 -rc2 Linux kernel 2.6.30 -rc1 Linux kernel 2.6.30 Linux kernel 2.6.36-rc8 Linux kernel 2.6.36-rc6 Linux kernel 2.6.36-rc5 Linux kernel 2.6.36-rc4 Linux kernel 2.6.36-rc1 Linux kernel 2.6.35.5 Linux kernel 2.6.35.4 Linux kernel 2.6.35.1 Linux kernel 2.6.35-rc6 Linux kernel 2.6.35-rc5-git5 Linux kernel 2.6.35-rc5 Linux kernel 2.6.35-rc4 Linux kernel 2.6.35-rc1 Linux kernel 2.6.34.3 Linux kernel 2.6.34.2 Linux kernel 2.6.34.1 Linux kernel 2.6.34-rc6 Linux kernel 2.6.34-rc5 Linux kernel 2.6.34-rc4 Linux kernel 2.6.34-rc2-git1 Linux kernel 2.6.34-rc2 Linux kernel 2.6.34-rc1 Linux kernel 2.6.33.7 Linux kernel 2.6.33-rc8 Linux kernel 2.6.33-rc7 Linux kernel 2.6.33-rc7 Linux kernel 2.6.33-rc6-git5 Linux kernel 2.6.33-rc6 Linux kernel 2.6.33-rc5 Linux kernel 2.6.33-rc4 Linux kernel 2.6.33-rc1 Linux kernel 2.6.32.8 Linux kernel 2.6.32.7 Linux kernel 2.6.32.6 Linux kernel 2.6.32.5 Linux kernel 2.6.32.4 Linux kernel 2.6.32.3 Linux kernel 2.6.32.22 Linux kernel 2.6.32.2 Linux kernel 2.6.32.18 Linux kernel 2.6.32.17 Linux kernel 2.6.32.16 Linux kernel 2.6.32.15 Linux kernel 2.6.32.14 Linux kernel 2.6.32.13 Linux kernel 2.6.32.12 Linux kernel 2.6.32.11 Linux kernel 2.6.32.10 Linux kernel 2.6.32.1 Linux kernel 2.6.32-rc8 Linux kernel 2.6.32-rc7 Linux kernel 2.6.32-rc5 Linux kernel 2.6.32-rc4 Linux kernel 2.6.32-rc3 Linux kernel 2.6.32-rc2 Linux kernel 2.6.32-rc1 Linux kernel 2.6.31.6 Linux kernel 2.6.31.4 Linux kernel 2.6.31.1 Linux kernel 2.6.31-rc9 Linux kernel 2.6.31-rc8 Linux kernel 2.6.31-rc5-git3 Linux kernel 2.6.31-rc4 Linux kernel 2.6.31-rc2 Linux kernel 2.6.31-git11 Linux kernel 2.6.30.5 Linux kernel 2.6.30.4 Linux kernel 2.6.30.3 Avaya Voice Portal 5.1.2 Avaya Voice Portal 5.1.1 Avaya Voice Portal 5.1 SP1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.0 SP2 Avaya Voice Portal 5.0 SP1 Avaya Voice Portal 5.0 Avaya Proactive Contact 5.0 Avaya IQ 5.2 Avaya IQ 5.1.1 Avaya IQ 5.1 Avaya IQ 5 Avaya IP Office Application Server 8.1 Avaya IP Office Application Server 8.0 Avaya IP Office Application Server 7.0 Avaya IP Office Application Server 6.1 Avaya IP Office Application Server 6.0 Avaya Communication Server 1000M Signaling Server 7.5 Avaya Communication Server 1000M Signaling Server 7.0 Avaya Communication Server 1000M Signaling Server 6.0 Avaya Communication Server 1000M 7.5 Avaya Communication Server 1000M 7.0 Avaya Communication Server 1000M 6.0 Avaya Communication Server 1000E Signaling Server 7.5 Avaya Communication Server 1000E Signaling Server 7.0 Avaya Communication Server 1000E Signaling Server 6.0 Avaya Communication Server 1000E 7.5 Avaya Communication Server 1000E 7.0 Avaya Communication Server 1000E 6.0 Avaya Aura System Platform 6.0.2 Avaya Aura System Platform 6.0.1 Avaya Aura System Platform 6.0 SP3 Avaya Aura System Platform 6.0 SP2 Avaya Aura System Platform 6.0 Avaya Aura System Platform 1.1 Avaya Aura System Manager 6.2 Avaya Aura System Manager 6.1.3 Avaya Aura System Manager 6.1.2 Avaya Aura System Manager 6.1.1 Avaya Aura System Manager 6.1 SP2 Avaya Aura System Manager 6.1 Sp1 Avaya Aura System Manager 6.1 Avaya Aura System Manager 6.0 SP1 Avaya Aura System Manager 6.0 Avaya Aura System Manager 5.2 Avaya Aura SIP Enablement Services 5.2.1 Avaya Aura SIP Enablement Services 5.2 Avaya Aura Session Manager 6.2.1 Avaya Aura Session Manager 6.1.3 Avaya Aura Session Manager 6.1.2 Avaya Aura Session Manager 6.1.1 Avaya Aura Session Manager 6.2 Avaya Aura Session Manager 6.1 SP2 Avaya Aura Session Manager 6.1 Sp1 Avaya Aura Session Manager 6.1 Avaya Aura Session Manager 6.0 SP1 Avaya Aura Session Manager 6.0 Avaya Aura Session Manager 5.2 SP2 Avaya Aura Session Manager 5.2 SP1 Avaya Aura Session Manager 5.2 Avaya Aura Session Manager 1.1 Avaya Aura Session Manager 1.0 Avaya Aura Presence Services 6.1.1 Avaya Aura Presence Services 6.1 Avaya Aura Presence Services 6.0 Avaya Aura Messaging 6.1 Avaya Aura Messaging 6.0.1 Avaya Aura Messaging 6.0 Avaya Aura Experience Portal 6.0 Avaya Aura Conferencing 6.0 Standard Avaya Aura Conferencing 6.0 SP1 Standard Avaya Aura Communication Manager Utility Services 6.2 Avaya Aura Communication Manager Utility Services 6.1 Avaya Aura Communication Manager Utility Services 6.0 Avaya Aura Communication Manager 6.0.1 Avaya Aura Communication Manager 6.0 Avaya Aura Communication Manager 5.2 Avaya Aura Application Server 5300 SIP Core 2.1 Avaya Aura Application Server 5300 SIP Core 2.0 Avaya Aura Application Enablement Services 5.2.1 Avaya Aura Application Enablement Services 6.1.1 Avaya Aura Application Enablement Services 6.1 Avaya Aura Application Enablement Services 5.2.3 Avaya Aura Application Enablement Services 5.2.2 Avaya Aura Application Enablement Services 5.2 |
| Not Vulnerable: |
OpenVZ Project OpenVZ 042stab044.11 OpenVZ Project OpenVZ 028stab098.1 |
Discussion
Linux Kernel 'tpm_read()' Information Disclosure Vulnerability
The Linux kernel is prone to an information-disclosure vulnerability.
Successful exploits may allow attackers to obtain potentially sensitive information that may aid other attacks.
The Linux kernel is prone to an information-disclosure vulnerability.
Successful exploits may allow attackers to obtain potentially sensitive information that may aid other attacks.
Exploit / POC
Linux Kernel 'tpm_read()' Information Disclosure Vulnerability
Attackers can use readily available tools to exploit this issue.
Attackers can use readily available tools to exploit this issue.
Solution / Fix
Linux Kernel 'tpm_read()' Information Disclosure Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Linux Kernel 'tpm_read()' Information Disclosure Vulnerability
References:
References:
- Download/kernel/rhel5/028stab098.1 (OpenVZ Project)
- Download/kernel/rhel6/042stab044.11 (OpenVZ Project)
- Linux kernel Homepage (kernel.org)
- tpm_read() CVE-2011-1162 (Red Hat)
- ASA-2011-370 kernel security and bug fix update (RHSA-2011-1465) (Avaya)
- ASA-2011-422 kernel security, bug fix, and enhancement update (RHSA-2011-1479) (Avaya)