CVE-2009-1895

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-1895 at MITRE

Description

The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).

NVD CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Note from the SUSE Security Team

This CVE specifies a bug that could disable the 'mmap_min_addr' protection in the kernel. This protection was added in the 2.6.25 mainline kernel, so by default exists in openSUSE 11.0, 11.1 and SUSE Linux Enterprise 11 and newer products. We backported the 'mmap_min_addr' protection also to SUSE Linux Enterprise 10 SP3, but not to older products. So older products did not need to get fixes for this.

This issue does not reference an actual security issue. You need a second bug to actually exploit this problem.

Novell Bugzilla entry: 521427

SUSE Security Advisories:

SUSE-SA:2009:045, published Thu, 20 Aug 2009 13:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise High Availability Extension 11	`cluster-network-kmp-default >= 1.4_2.6.27.29_0.1-2.1.13` `cluster-network-kmp-pae >= 1.4_2.6.27.29_0.1-2.1.13` `cluster-network-kmp-xen >= 1.4_2.6.27.29_0.1-2.1.13` `ocfs2-kmp-default >= 1.4_2.6.27.29_0.1-4.1.13` `ocfs2-kmp-pae >= 1.4_2.6.27.29_0.1-4.1.13` `ocfs2-kmp-xen >= 1.4_2.6.27.29_0.1-4.1.13`	sle11-debuginfo.x86 sle11-sdk.x86 sled11.x86 sle11-hae.x86 sles11.x86 SAT Patch Nr: 1212
SLE 11 SERVER Unsupported Extras	`kernel-default-extra >= 2.6.27.29-0.1.1` `kernel-xen-extra >= 2.6.27.29-0.1.1`	Builds SAT Patch Nr: 1224
SLE 11 SERVER Unsupported Extras	`kernel-default-extra >= 2.6.27.29-0.1.1`	Builds SAT Patch Nr: 1221
SLE 11 SERVER Unsupported Extras	`kernel-default-extra >= 2.6.27.29-0.1.1`	Builds SAT Patch Nr: 1223
SUSE Linux Enterprise High Availability Extension 11	`cluster-network-kmp-default >= 1.4_2.6.27.29_0.1-2.1.13` `cluster-network-kmp-xen >= 1.4_2.6.27.29_0.1-2.1.13` `ocfs2-kmp-default >= 1.4_2.6.27.29_0.1-4.1.13` `ocfs2-kmp-xen >= 1.4_2.6.27.29_0.1-4.1.13`	sle11-hae.x86-64 sle11-sdk.x86-64 sle11-debuginfo.x86-64 sles11.x86-64 sled11.x86-64 SAT Patch Nr: 1219
SLE 11 SERVER Unsupported Extras	`kernel-default-extra >= 2.6.27.29-0.1.1` `kernel-ppc64-extra >= 2.6.27.29-0.1.1`	Builds SAT Patch Nr: 1222
SLE 11 SERVER Unsupported Extras	`kernel-default-extra >= 2.6.27.29-0.1.1` `kernel-pae-extra >= 2.6.27.29-0.1.1` `kernel-xen-extra >= 2.6.27.29-0.1.1`	Builds SAT Patch Nr: 1220
SUSE Linux Enterprise High Availability Extension 11	`cluster-network-kmp-default >= 1.4_2.6.27.29_0.1-2.1.13` `ocfs2-kmp-default >= 1.4_2.6.27.29_0.1-4.1.13`	sles11.ia64 sle11-debuginfo.ia64 sle11-hae.ia64 SAT Patch Nr: 1213
SUSE Linux Enterprise High Availability Extension 11	`cluster-network-kmp-default >= 1.4_2.6.27.29_0.1-2.1.13` `cluster-network-kmp-ppc64 >= 1.4_2.6.27.29_0.1-2.1.13` `ocfs2-kmp-default >= 1.4_2.6.27.29_0.1-4.1.13` `ocfs2-kmp-ppc64 >= 1.4_2.6.27.29_0.1-4.1.13`	sle11-debuginfo.ppc sles11.ppc sle11-hae.ppc SAT Patch Nr: 1217
SUSE Linux Enterprise High Availability Extension 11	`cluster-network-kmp-default >= 1.4_2.6.27.29_0.1-2.1.13` `ocfs2-kmp-default >= 1.4_2.6.27.29_0.1-4.1.13`	sle11-debuginfo.s390x sles11.s390x sle11-hae.s390x SAT Patch Nr: 1218

Markets

Products By Category

Novell

NetIQ (Moving soon to NetIQ.com)

A-Z

Contribute