When dmesg_restrict is set to 1 CAP_SYS_ADMIN is needed to read the kernel ring buffer. But a root user without CAP_SYS_ADMIN is able to reset dmesg_restrict to 0. This is an issue when e.g. LXC (Linux Containers) are used and complete user space is running without CAP_SYS_ADMIN. A unprivileged and jailed root user can bypass the dmesg_restrict protection. Introduced by: eaf06b241b091357e72b76863ba16e89610d31bd Fixed by: bfdc0b497faa82a0ba2f9dddcf109231dd519fcc
Statement: Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Future kernel updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw.
Created kernel tracking bugs for this issue Affects: fedora-all [bug 749259]
The CVE identifier of CVE-2011-4080 has been assigned to this issue: [1] http://www.openwall.com/lists/oss-security/2011/10/26/10
(In reply to comment #5) > The CVE identifier of CVE-2011-4080 has been assigned to this issue: > [1] http://www.openwall.com/lists/oss-security/2011/10/26/10 And rejected. Removed CVE from the bugs.
This was fixed in RHSA-2012:0481 and RHBA-2012:0361. https://rhn.redhat.com/errata/RHBA-2012-0361.html (RHEL 5) https://rhn.redhat.com/errata/RHSA-2012-0481.html (RHEL 6)