Lucene search

K

[email protected]CVE-2009-1895

HistoryJul 16, 2009 - 3:30 p.m.

CVE-2009-1895

2009-07-1615:30:00

CWE-16

[email protected]

web.nvd.nist.gov

74

11

linux

kernel

memory usage

security

cve-2009-1895

5 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.4%

The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle2.6.31
debian:debian_linuxdebian debian linuxeq5.0
debian:debian_linuxdebian debian linuxeq4.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06
canonical:ubuntu_linuxcanonical ubuntu linuxeq9.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.10

References

blog.cr0.org/2009/06/bypassing-linux-null-pointer.html

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f9fabcb58a6d26d6efde842d1703ac7cfa9427b6

patchwork.kernel.org/patch/32598/

secunia.com/advisories/35801

secunia.com/advisories/36045

secunia.com/advisories/36051

secunia.com/advisories/36054

secunia.com/advisories/36116

secunia.com/advisories/36131

secunia.com/advisories/36759

secunia.com/advisories/37471

wiki.rpath.com/Advisories:rPSA-2009-0111

www.debian.org/security/2009/dsa-1844

www.debian.org/security/2009/dsa-1845

www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc3

www.mandriva.com/security/advisories?name=MDVSA-2011:051

www.osvdb.org/55807

www.redhat.com/support/errata/RHSA-2009-1193.html

www.redhat.com/support/errata/RHSA-2009-1438.html

www.securityfocus.com/archive/1/505254/100/0/threaded

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/archive/1/512019/100/0/threaded

www.securityfocus.com/bid/35647

www.ubuntu.com/usn/usn-807-1

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/1866

www.vupen.com/english/advisories/2009/3316

bugs.launchpad.net/bugs/cve/2009-1895

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11768

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7826

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9453

rhn.redhat.com/errata/RHSA-2009-1540.html

rhn.redhat.com/errata/RHSA-2009-1550.html

www.redhat.com/archives/fedora-package-announce/2009-August/msg00166.html

www.redhat.com/archives/fedora-package-announce/2009-August/msg00223.html

Social References

More

5 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.4%

Related for CVE-2009-1895

seebug1 veracode1 ubuntucve1 prion1 securityvulns2 nessus30 openvas52 fedora10 debian2 osv2 oraclelinux3 centos3 redhat5 ubuntu1 vmware3 suse1