| Summary | Linux <2.6.30.2 personality: fix PER_CLEAR_ON_SETID (CVE-2009-1895) | | |
|---|---|---|---|
| Product | Gentoo Security | Reporter | Robert Buchholz (RETIRED) <rbu> |
| Component | Kernel | Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED | | |
| Severity | normal | CC | cilly, hardened-kernel+disabled, kernel |
| Priority | High | Keywords | InVCS |
| Version | unspecified | | |
| Hardware | All | | |
| OS | Linux | | |
| URL | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f9fabcb58a6d26d6efde842d1703ac7cfa9427b6 | | |
| Whiteboard | [linux >=2.6.23 <2.6.27.27] [linux >=2.6.28 <2.6.30.2] | | |
| Package list | | Runtime testing required | --- |
| Attachments | | | |
Description
Robert Buchholz (RETIRED), 2009-07-13 21:05:04 UTC

InSVN for the next release of gentoo-sources (2.6.30-r3)

CVE-2009-1895 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1895):
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).

Created attachment 198328
Patch

*** Bug 278467 has been marked as a duplicate of this bug. ***
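As an added illustration, not part of the bug report or of the kernel patch linked above, the C program below models the PER_CLEAR_ON_SETID masking that the linked commit changes: the old mask dropped only READ_IMPLIES_EXEC and ADDR_NO_RANDOMIZE at a set-id exec, the fixed mask also drops ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO. Assumptions: the PF_ flag values are taken from the kernel's include/linux/personality.h, the two masks from the linked commit, and the function names (personality_after_setid_exec, leaked_layout_flags) are mine.

```c
#include <stdio.h>
#ifdef __linux__
#include <sys/personality.h>   /* personality(2) query of the running process */
#endif

/* Flag values from the kernel's include/linux/personality.h (PF_ prefix is ours). */
#define PF_ADDR_NO_RANDOMIZE  0x0040000UL
#define PF_MMAP_PAGE_ZERO     0x0100000UL
#define PF_ADDR_COMPAT_LAYOUT 0x0200000UL
#define PF_READ_IMPLIES_EXEC  0x0400000UL

/* PER_CLEAR_ON_SETID before the linked commit: only these two bits were dropped. */
#define CLEAR_ON_SETID_OLD   (PF_READ_IMPLIES_EXEC | PF_ADDR_NO_RANDOMIZE)
/* PER_CLEAR_ON_SETID after the commit: the two flags named in the CVE text are
 * dropped as well. */
#define CLEAR_ON_SETID_FIXED (CLEAR_ON_SETID_OLD | PF_ADDR_COMPAT_LAYOUT | PF_MMAP_PAGE_ZERO)

/* Model of the kernel's behaviour when it execs a setuid/setgid image:
 * the personality inherited from the parent is masked with ~PER_CLEAR_ON_SETID. */
unsigned long personality_after_setid_exec(unsigned long inherited, int fixed_kernel)
{
    unsigned long mask = fixed_kernel ? CLEAR_ON_SETID_FIXED : CLEAR_ON_SETID_OLD;
    return inherited & ~mask;
}

/* Layout-affecting bits that survive into the set-id child. A non-zero result
 * on a pre-fix kernel is exactly the CVE-2009-1895 exposure described above. */
unsigned long leaked_layout_flags(unsigned long inherited, int fixed_kernel)
{
    return personality_after_setid_exec(inherited, fixed_kernel)
           & (PF_ADDR_COMPAT_LAYOUT | PF_MMAP_PAGE_ZERO);
}

int main(void)
{
    unsigned long cur = 0;
#ifdef __linux__
    /* 0xffffffff queries the current personality without changing it.
     * Run under `setarch $(uname -m) -Z -L ./prog` to see both flags set. */
    cur = (unsigned long)(unsigned int)personality(0xffffffff);
#endif
    printf("current personality:                                0x%lx\n", cur);
    printf("layout bits kept by a pre-fix kernel at setid exec: 0x%lx\n",
           leaked_layout_flags(cur, 0));
    printf("layout bits kept by a fixed kernel at setid exec:   0x%lx\n",
           leaked_layout_flags(cur, 1));
    return 0;
}
```

On a kernel in the Whiteboard ranges the first "kept" line would be non-zero whenever the parent set MMAP_PAGE_ZERO or ADDR_COMPAT_LAYOUT; on a patched kernel it is always 0.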