CVE-2009-1895

Severity

72%

Complexity

39%

Confidentiality

165%

The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

Linux

First reported 15 years ago

2009-07-16 15:30:00

Last updated 6 years ago

2018-11-08 20:39:00

Affected Software

Linux Kernel

Linux Kernel 2.6.31 Release Candidate 1

2.6.31

Linux Kernel 2.6.31 Release Candidate 2

2.6.31

Debian GNU/Linux 4.0

4.0

Debian GNU/Linux 5.0

5.0

Canonical Ubuntu Linux 6.06 LTS (Long-Term Support)

6.06

Canonical Ubuntu Linux 8.04 LTS (Long-Term Support)

8.04

Canonical Ubuntu Linux 8.10

8.10

Canonical Ubuntu Linux 9.04

9.04

References

http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html

Patch, Third Party Advisory

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f9fabcb58a6d26d6efde842d1703ac7cfa9427b6

Vendor Advisory

http://patchwork.kernel.org/patch/32598/

Patch, Vendor Advisory

35801

Third Party Advisory

36045

Third Party Advisory

36051

Third Party Advisory

36054

Third Party Advisory

36116

Third Party Advisory

36131

Third Party Advisory

36759

Third Party Advisory

37471

Third Party Advisory

http://wiki.rpath.com/Advisories:rPSA-2009-0111

Third Party Advisory

DSA-1844

Third Party Advisory

DSA-1845

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc3

Vendor Advisory

MDVSA-2011:051

Third Party Advisory

55807

Broken Link

RHSA-2009:1193

Third Party Advisory

RHSA-2009:1438

Third Party Advisory

20090724 rPSA-2009-0111-1 kernel

Third Party Advisory, VDB Entry

20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

Third Party Advisory, VDB Entry

20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel

Third Party Advisory, VDB Entry

35647

Third Party Advisory, VDB Entry

USN-807-1

Third Party Advisory

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Third Party Advisory

ADV-2009-1866

Patch, Third Party Advisory

ADV-2009-3316

Third Party Advisory

https://bugs.launchpad.net/bugs/cve/2009-1895

Third Party Advisory

oval:org.mitre.oval:def:11768

Third Party Advisory

oval:org.mitre.oval:def:7826

Third Party Advisory

oval:org.mitre.oval:def:9453

Third Party Advisory

RHSA-2009:1540

Third Party Advisory

RHSA-2009:1550

Third Party Advisory

FEDORA-2009-8264

Third Party Advisory

FEDORA-2009-8144

Third Party Advisory
