74463 – Kernel infoleak in /proc/.../cmdline (CAN-2004-1058)

Bug 74463 - Kernel infoleak in /proc/.../cmdline (CAN-2004-1058)

Summary: Kernel infoleak in /proc/.../cmdline (CAN-2004-1058)

Status:	RESOLVED DUPLICATE of bug 59905

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All All

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://www.ubuntulinux.org/support/do...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-12-15 02:49 UTC by Thierry Carrez (RETIRED)
Modified:	2005-07-17 13:06 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thierry Carrez (RETIRED) gentoo-dev

2004-12-15 02:49:59 UTC

CAN-2004-1058:
  Rob Landley discovered a race condition in the handling of /proc/.../cmdline.
  Under very rare circumstances an user could read the environment variables of
  another process that was still spawning. Environment variables are often used
  to pass passwords and other private information to other processes.

Comment 1 Tim Yamin (RETIRED) gentoo-dev

2004-12-18 17:26:49 UTC


*** This bug has been marked as a duplicate of 59905 ***