Showing 1 - 6 of 6

CVE-2009-1895

Status Candidate

Overview

The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).

Related Files

Mandriva Linux Security Advisory 2011-051: Posted Mar 21, 2011; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2011-051 - The Linux 2.6 kernel has been updated to mitigate multiple vulnerabilities related to denial of service, arbitrary code execution, stack memory disclosure, restriction bypass, and more.; tags | advisory, denial of service, arbitrary, kernel, vulnerability, code execution; systems | linux, mandriva; advisories | CVE-2010-2240, CVE-2010-4165, CVE-2010-4072, CVE-2010-4073, CVE-2010-4083, CVE-2010-4078, CVE-2010-3297, CVE-2010-3437, CVE-2010-2946, CVE-2010-3310, CVE-2010-3067, CVE-2010-0007, CVE-2010-3875, CVE-2010-2248, CVE-2009-1895, CVE-2009-2768, CVE-2009-3726, CVE-2009-2698, CVE-2009-3080, CVE-2010-2521, CVE-2007-1592, CVE-2010-3850; SHA-256 | 4cde969b4cdb9c88d249a1bc077eb95b786a6396542e2655f3fdef84c6102638; Download | Favorite | View

VMware Security Advisory 2010-0010: Posted Jun 26, 2010; Authored by VMware | Site vmware.com; VMware Security Advisory - Multiple security vulnerabilities have been addressed in the ESX 3.5 third party update for Service Console kernel.; tags | advisory, kernel, vulnerability; advisories | CVE-2008-5029, CVE-2008-5300, CVE-2009-1337, CVE-2009-1385, CVE-2009-1895, CVE-2009-2848, CVE-2009-3002, CVE-2009-3547, CVE-2009-2698, CVE-2009-2692; SHA-256 | aa1a26637b1e580254f4bbb305140b8c04268ad3825842369f0d59c42358231a; Download | Favorite | View

Mandriva Linux Security Advisory 2009-289: Posted Oct 27, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-289 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. These range from buffer overflows to denial of service vulnerabilities.; tags | advisory, denial of service, overflow, kernel, vulnerability; systems | linux, mandriva; advisories | CVE-2009-1895, CVE-2009-2406, CVE-2009-2407, CVE-2009-2908, CVE-2009-3290; SHA-256 | 9babe556d8283b253ed966788d3377e9f40ffcfb77f3fdc39643b95c68956950; Download | Favorite | View

Debian Linux Security Advisory 1845-1: Posted Jul 29, 2009; Authored by Debian | Site debian.org; Debian Security Advisory 1845-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, or privilege escalation.; tags | advisory, denial of service, kernel, vulnerability; systems | linux, debian; advisories | CVE-2009-1895, CVE-2009-2287, CVE-2009-2406, CVE-2009-2407; SHA-256 | ddce2a1f54158deb8c3002cf6fd5f7f63349871281f4dfeaa4907542189e2839; Download | Favorite | View

Debian Linux Security Advisory 1844-1: Posted Jul 29, 2009; Authored by Debian | Site debian.org; Debian Security Advisory 1844-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.; tags | advisory, denial of service, kernel, vulnerability; systems | linux, debian; advisories | CVE-2009-1385, CVE-2009-1389, CVE-2009-1630, CVE-2009-1633, CVE-2009-1895, CVE-2009-1914, CVE-2009-1961, CVE-2009-2406, CVE-2009-2407; SHA-256 | 3e4337776a6b1affbc02de5ed8349b5fee27fdcee9cda24ab22b8932ebc72584; Download | Favorite | View

Ubuntu Security Notice 807-1: Posted Jul 29, 2009; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice USN-807-1 - Michael Tokarev discovered that the RTL8169 network driver did not correctly validate buffer sizes. A remote attacker on the local network could send specially traffic traffic that would crash the system or potentially grant elevated privileges. Julien Tinnes and Tavis Ormandy discovered that when executing setuid processes the kernel did not clear certain personality flags. A local attacker could exploit this to map the NULL memory page, causing other vulnerabilities to become exploitable. Ubuntu 6.06 was not affected. Matt T. Yourst discovered that KVM did not correctly validate the page table root. A local attacker could exploit this to crash the system, leading to a denial of service. Ubuntu 6.06 was not affected. Ramon de Carvalho Valle discovered that eCryptfs did not correctly validate certain buffer sizes. A local attacker could create specially crafted eCryptfs files to crash the system or gain elevated privileges. Ubuntu 6.06 was not affected.; tags | advisory, remote, denial of service, kernel, local, root, vulnerability; systems | linux, ubuntu; advisories | CVE-2009-1389, CVE-2009-1895, CVE-2009-2287, CVE-2009-2406, CVE-2009-2407; SHA-256 | 76e56d56aac365a9fbbf33f82d67fb4d45dbf243bfe856e1d294cc57021817a8; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2009-1895

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems