Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:12167
HistorySep 02, 2009 - 12:00 a.m.

Linux Kernel mmap_min_addr低内存区空指针引用漏洞

2009-09-0200:00:00
Root
www.seebug.org
27

0.0004 Low

EPSS

Percentile

8.6%

JSON

BUGTRAQ ID: 36051
CVE(CAN) ID: CVE-2009-2695

Linux Kernel是开放源码操作系统Linux所使用的内核。

Red Hat Enterprise Linux 5.3的selinux-policy软件包提供了SELinux布尔值allow_unconfined_mmap_low,用于控制是否对在不受限制域(如unconfined_t或initrc_t)中所运行的进程应用mmap_min_addr限制。但 allow_unconfined_mmap_low布尔值设置没有正确地应用到unconfined_t域,即使设置为关闭仍允许将 unconfined_t进程映射到低内存页。本地用户可以利用这个漏洞绕过mmap_min_addr保护机制触发空指针引用,导致内核崩溃或以超级用户权限执行任意指令。

Linux kernel 2.6.x
RedHat Linux 5 server
厂商补丁:

Linux

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://git.kernel.org/linus/9c0d90103c7e0eb6e638e5b649e9f6d8d9c1b4b3
http://git.kernel.org/linus/8cf948e744e0218af604c32edecde10006dc8e9e
http://git.kernel.org/linus/788084aba2ab7348257597496befcbccabdc98a3
http://git.kernel.org/linus/1d9959734a1949ea4f2427bd2d8b21ede6b2441c

Related

ubuntucve 1
prion 1
veracode 1
cve 1
nessus 21
redhat 5
centos 1
openvas 17
oraclelinux 2
debian 2
osv 2
securityvulns 1
fedora 1
ubuntu 1
vmware 4
ubuntucve
ubuntucve
CVE-2009-2695
2009-08-28 00:00:00
prion
prion
Null pointer dereference
2009-08-28 15:30:00
veracode
veracode
Privilege Escalation
2020-04-10 00:39:00
cve
cve
CVE-2009-2695
2009-08-28 15:30:00
nessus
nessus
RHEL 5 : kernel (RHSA-2009:1587)
2013-01-24 00:00:00
RHEL 5 : kernel (RHSA-2009:1672)
2013-01-24 00:00:00
Fedora 11 : kernel-2.6.29.6-217.2.16.fc11 (2009-9044)
2009-08-27 00:00:00
redhat
redhat
(RHSA-2009:1672) Important: kernel security and bug fix update
2009-12-15 00:00:00
(RHSA-2009:1587) Important: kernel security and bug fix update
2009-11-17 00:00:00
(RHSA-2009:1548) Important: kernel security and bug fix update
2009-11-03 00:00:00
centos
centos
kernel security update
2009-11-04 19:57:14
openvas
openvas
Oracle: Security Advisory (ELSA-2009-1548)
2015-10-08 00:00:00
RedHat Security Advisory RHSA-2009:1548
2009-11-11 00:00:00
CentOS Update for kernel CESA-2009:1548 centos5 i386
2011-08-09 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2009-11-03 00:00:00
Oracle Enterprise Linux 5.5 kernel security and bug fix update
2010-04-05 00:00:00
debian
debian
[SECURITY] [DSA 1915-1] New Linux 2.6.26 packages fix several vulnerabilities
2009-10-23 15:58:04
[SECURITY] [DSA 2004-1] New Linux 2.6.24 packages fix several vulnerabilities
2010-03-01 03:53:30
osv
osv
linux-2.6 - several vulnerabilities
2009-10-22 00:00:00
linux-2.6.24 - several vulnerabilities
2010-02-27 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 1915-1] New Linux 2.6.26 packages fix several vulnerabilities
2009-10-23 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: kernel-2.6.29.6-217.2.16.fc11
2009-08-27 02:19:22
ubuntu
ubuntu
Linux kernel vulnerabilities
2009-10-22 00:00:00
vmware
vmware
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00

0.0004 Low

EPSS

Percentile

8.6%

JSON
Related for SSV:12167
ubuntucve1prion1veracode1cve1nessus21redhat5centos1openvas17oraclelinux2debian2osv2securityvulns1fedora1ubuntu1vmware4