ByteOS Network

CVE Vulnerability Details :

CVE-2009-1895

PUBLISHED

More Info Official Page

Assigner-redhat

Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749

Published At-16 Jul, 2009 | 15:00

Updated At-07 Aug, 2024 | 05:27

▼CVE Numbering Authority (CNA)

The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.securityfocus.com/archive/1/512019/100/0/threaded	mailing-list x_refsource_BUGTRAQ
http://wiki.rpath.com/Advisories:rPSA-2009-0111	x_refsource_CONFIRM
http://secunia.com/advisories/36131	third-party-advisory x_refsource_SECUNIA
http://www.osvdb.org/55807	vdb-entry x_refsource_OSVDB
http://www.vupen.com/english/advisories/2009/1866	vdb-entry x_refsource_VUPEN
https://rhn.redhat.com/errata/RHSA-2009-1540.html	vendor-advisory x_refsource_REDHAT
http://secunia.com/advisories/37471	third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/36759	third-party-advisory x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00223.html	vendor-advisory x_refsource_FEDORA
http://www.debian.org/security/2009/dsa-1844	vendor-advisory x_refsource_DEBIAN
http://www.ubuntu.com/usn/usn-807-1	vendor-advisory x_refsource_UBUNTU
http://www.vmware.com/security/advisories/VMSA-2009-0016.html	x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2009-1193.html	vendor-advisory x_refsource_REDHAT
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f9fabcb58a6d26d6efde842d1703ac7cfa9427b6	x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7826	vdb-entry signature x_refsource_OVAL
http://www.securityfocus.com/bid/35647	vdb-entry x_refsource_BID
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00166.html	vendor-advisory x_refsource_FEDORA
http://www.securityfocus.com/archive/1/505254/100/0/threaded	mailing-list x_refsource_BUGTRAQ
http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html	x_refsource_MISC
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051	vendor-advisory x_refsource_MANDRIVA
http://www.securityfocus.com/archive/1/507985/100/0/threaded	mailing-list x_refsource_BUGTRAQ
http://secunia.com/advisories/36051	third-party-advisory x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11768	vdb-entry signature x_refsource_OVAL
http://secunia.com/advisories/36045	third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/36116	third-party-advisory x_refsource_SECUNIA
https://rhn.redhat.com/errata/RHSA-2009-1550.html	vendor-advisory x_refsource_REDHAT
http://patchwork.kernel.org/patch/32598/	x_refsource_CONFIRM
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc3	x_refsource_CONFIRM
http://secunia.com/advisories/35801	third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/36054	third-party-advisory x_refsource_SECUNIA
https://bugs.launchpad.net/bugs/cve/2009-1895	x_refsource_CONFIRM
http://www.debian.org/security/2009/dsa-1845	vendor-advisory x_refsource_DEBIAN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9453	vdb-entry signature x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2009-1438.html	vendor-advisory x_refsource_REDHAT
http://www.vupen.com/english/advisories/2009/3316	vdb-entry x_refsource_VUPEN

Hyperlink: http://www.securityfocus.com/archive/1/512019/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2009-0111

Resource:

x_refsource_CONFIRM

Hyperlink: http://secunia.com/advisories/36131

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.osvdb.org/55807

Resource:

vdb-entry

x_refsource_OSVDB

Hyperlink: http://www.vupen.com/english/advisories/2009/1866

Resource:

vdb-entry

x_refsource_VUPEN

Hyperlink: https://rhn.redhat.com/errata/RHSA-2009-1540.html

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://secunia.com/advisories/37471

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://secunia.com/advisories/36759

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00223.html

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: http://www.debian.org/security/2009/dsa-1844

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: http://www.ubuntu.com/usn/usn-807-1

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1193.html

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f9fabcb58a6d26d6efde842d1703ac7cfa9427b6

Resource:

x_refsource_CONFIRM

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7826

Resource:

vdb-entry

signature

x_refsource_OVAL

Hyperlink: http://www.securityfocus.com/bid/35647

Resource:

vdb-entry

x_refsource_BID

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00166.html

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: http://www.securityfocus.com/archive/1/505254/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html

Resource:

x_refsource_MISC

Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:051

Resource:

vendor-advisory

x_refsource_MANDRIVA

Hyperlink: http://www.securityfocus.com/archive/1/507985/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: http://secunia.com/advisories/36051

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11768

Resource:

vdb-entry

signature

x_refsource_OVAL

Hyperlink: http://secunia.com/advisories/36045

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://secunia.com/advisories/36116

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: https://rhn.redhat.com/errata/RHSA-2009-1550.html

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://patchwork.kernel.org/patch/32598/

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc3

Resource:

x_refsource_CONFIRM

Hyperlink: http://secunia.com/advisories/35801

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://secunia.com/advisories/36054

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: https://bugs.launchpad.net/bugs/cve/2009-1895

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.debian.org/security/2009/dsa-1845

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9453

Resource:

vdb-entry

signature

x_refsource_OVAL

Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1438.html

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://www.vupen.com/english/advisories/2009/3316

Resource:

vdb-entry

x_refsource_VUPEN

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.securityfocus.com/archive/1/512019/100/0/threaded	mailing-list x_refsource_BUGTRAQ x_transferred
http://wiki.rpath.com/Advisories:rPSA-2009-0111	x_refsource_CONFIRM x_transferred
http://secunia.com/advisories/36131	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.osvdb.org/55807	vdb-entry x_refsource_OSVDB x_transferred
http://www.vupen.com/english/advisories/2009/1866	vdb-entry x_refsource_VUPEN x_transferred
https://rhn.redhat.com/errata/RHSA-2009-1540.html	vendor-advisory x_refsource_REDHAT x_transferred
http://secunia.com/advisories/37471	third-party-advisory x_refsource_SECUNIA x_transferred
http://secunia.com/advisories/36759	third-party-advisory x_refsource_SECUNIA x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00223.html	vendor-advisory x_refsource_FEDORA x_transferred
http://www.debian.org/security/2009/dsa-1844	vendor-advisory x_refsource_DEBIAN x_transferred
http://www.ubuntu.com/usn/usn-807-1	vendor-advisory x_refsource_UBUNTU x_transferred
http://www.vmware.com/security/advisories/VMSA-2009-0016.html	x_refsource_CONFIRM x_transferred
http://www.redhat.com/support/errata/RHSA-2009-1193.html	vendor-advisory x_refsource_REDHAT x_transferred
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f9fabcb58a6d26d6efde842d1703ac7cfa9427b6	x_refsource_CONFIRM x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7826	vdb-entry signature x_refsource_OVAL x_transferred
http://www.securityfocus.com/bid/35647	vdb-entry x_refsource_BID x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00166.html	vendor-advisory x_refsource_FEDORA x_transferred
http://www.securityfocus.com/archive/1/505254/100/0/threaded	mailing-list x_refsource_BUGTRAQ x_transferred
http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html	x_refsource_MISC x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051	vendor-advisory x_refsource_MANDRIVA x_transferred
http://www.securityfocus.com/archive/1/507985/100/0/threaded	mailing-list x_refsource_BUGTRAQ x_transferred
http://secunia.com/advisories/36051	third-party-advisory x_refsource_SECUNIA x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11768	vdb-entry signature x_refsource_OVAL x_transferred
http://secunia.com/advisories/36045	third-party-advisory x_refsource_SECUNIA x_transferred
http://secunia.com/advisories/36116	third-party-advisory x_refsource_SECUNIA x_transferred
https://rhn.redhat.com/errata/RHSA-2009-1550.html	vendor-advisory x_refsource_REDHAT x_transferred
http://patchwork.kernel.org/patch/32598/	x_refsource_CONFIRM x_transferred
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc3	x_refsource_CONFIRM x_transferred
http://secunia.com/advisories/35801	third-party-advisory x_refsource_SECUNIA x_transferred
http://secunia.com/advisories/36054	third-party-advisory x_refsource_SECUNIA x_transferred
https://bugs.launchpad.net/bugs/cve/2009-1895	x_refsource_CONFIRM x_transferred
http://www.debian.org/security/2009/dsa-1845	vendor-advisory x_refsource_DEBIAN x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9453	vdb-entry signature x_refsource_OVAL x_transferred
http://www.redhat.com/support/errata/RHSA-2009-1438.html	vendor-advisory x_refsource_REDHAT x_transferred
http://www.vupen.com/english/advisories/2009/3316	vdb-entry x_refsource_VUPEN x_transferred