what you don't know can hurt you
Showing 1 - 6 of 6 RSS Feed

CVE-2009-1895

Status Candidate

Overview

The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).

Related Files

Mandriva Linux Security Advisory 2011-051
Posted Mar 21, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-051 - The Linux 2.6 kernel has been updated to mitigate multiple vulnerabilities related to denial of service, arbitrary code execution, stack memory disclosure, restriction bypass, and more.

tags | advisory, denial of service, arbitrary, kernel, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2010-2240, CVE-2010-4165, CVE-2010-4072, CVE-2010-4073, CVE-2010-4083, CVE-2010-4078, CVE-2010-3297, CVE-2010-3437, CVE-2010-2946, CVE-2010-3310, CVE-2010-3067, CVE-2010-0007, CVE-2010-3875, CVE-2010-2248, CVE-2009-1895, CVE-2009-2768, CVE-2009-3726, CVE-2009-2698, CVE-2009-3080, CVE-2010-2521, CVE-2007-1592, CVE-2010-3850
MD5 | f2ce03c37e6b21cbf22fe118915e6000
VMware Security Advisory 2010-0010
Posted Jun 26, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory - Multiple security vulnerabilities have been addressed in the ESX 3.5 third party update for Service Console kernel.

tags | advisory, kernel, vulnerability
advisories | CVE-2008-5029, CVE-2008-5300, CVE-2009-1337, CVE-2009-1385, CVE-2009-1895, CVE-2009-2848, CVE-2009-3002, CVE-2009-3547, CVE-2009-2698, CVE-2009-2692
MD5 | e4196a7c8913b5f43c7453aff28107c4
Mandriva Linux Security Advisory 2009-289
Posted Oct 27, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-289 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. These range from buffer overflows to denial of service vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2009-1895, CVE-2009-2406, CVE-2009-2407, CVE-2009-2908, CVE-2009-3290
MD5 | 753e062f7da14ef5264d0068d02c7cea
Debian Linux Security Advisory 1845-1
Posted Jul 29, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1845-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2009-1895, CVE-2009-2287, CVE-2009-2406, CVE-2009-2407
MD5 | cb937ef420ca39f3a63daa8f91116bab
Debian Linux Security Advisory 1844-1
Posted Jul 29, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1844-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2009-1385, CVE-2009-1389, CVE-2009-1630, CVE-2009-1633, CVE-2009-1895, CVE-2009-1914, CVE-2009-1961, CVE-2009-2406, CVE-2009-2407
MD5 | 97a5d0636d003814283d4ac9ef9f4e82
Ubuntu Security Notice 807-1
Posted Jul 29, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-807-1 - Michael Tokarev discovered that the RTL8169 network driver did not correctly validate buffer sizes. A remote attacker on the local network could send specially traffic traffic that would crash the system or potentially grant elevated privileges. Julien Tinnes and Tavis Ormandy discovered that when executing setuid processes the kernel did not clear certain personality flags. A local attacker could exploit this to map the NULL memory page, causing other vulnerabilities to become exploitable. Ubuntu 6.06 was not affected. Matt T. Yourst discovered that KVM did not correctly validate the page table root. A local attacker could exploit this to crash the system, leading to a denial of service. Ubuntu 6.06 was not affected. Ramon de Carvalho Valle discovered that eCryptfs did not correctly validate certain buffer sizes. A local attacker could create specially crafted eCryptfs files to crash the system or gain elevated privileges. Ubuntu 6.06 was not affected.

tags | advisory, remote, denial of service, kernel, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-1389, CVE-2009-1895, CVE-2009-2287, CVE-2009-2406, CVE-2009-2407
MD5 | e38a3fc62c247224d7479101484e3b18
Page 1 of 1
Back1Next

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    2 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    15 Files
  • 20
    Oct 20th
    20 Files
  • 21
    Oct 21st
    12 Files
  • 22
    Oct 22nd
    14 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close