CVE-2009-1895
kernel: personality: fix PER_CLEAR_ON_SETID
Public Exploits: 0
Exploited in Wild: -
Descriptions
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).
SSVC
- Decision: -
Timeline
- 2009-06-02 CVE Reserved
- 2009-07-16 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-16: Configuration
References (37)
URL | Date | SRC |
---|---|---|
http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html | 2023-02-13 | |
http://patchwork.kernel.org/patch/32598 | 2023-02-13 | |
http://www.vupen.com/english/advisories/2009/1866 | 2023-02-13 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | <= 2.6.31 | - | Affected |
Linux | Linux Kernel | 2.6.31 | rc1 | Affected |
Linux | Linux Kernel | 2.6.31 | rc2 | Affected |
Debian | Debian Linux | 4.0 | - | Affected |
Debian | Debian Linux | 5.0 | - | Affected |
Canonical | Ubuntu Linux | 6.06 | lts | Affected |
Canonical | Ubuntu Linux | 8.04 | lts | Affected |
Canonical | Ubuntu Linux | 8.10 | - | Affected |
Canonical | Ubuntu Linux | 9.04 | - | Affected |