CVE-2009-1895

high

Description

The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).

References

http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f9fabcb58a6d26d6efde842d1703ac7cfa9427b6

http://patchwork.kernel.org/patch/32598/

http://secunia.com/advisories/35801

http://secunia.com/advisories/36045

http://secunia.com/advisories/36051

http://secunia.com/advisories/36054

http://secunia.com/advisories/36116

http://secunia.com/advisories/36131

http://secunia.com/advisories/36759

http://secunia.com/advisories/37471

http://wiki.rpath.com/Advisories:rPSA-2009-0111

http://www.debian.org/security/2009/dsa-1844

http://www.debian.org/security/2009/dsa-1845

http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc3

http://www.mandriva.com/security/advisories?name=MDVSA-2011:051

http://www.osvdb.org/55807

http://www.redhat.com/support/errata/RHSA-2009-1193.html

http://www.redhat.com/support/errata/RHSA-2009-1438.html

http://www.securityfocus.com/archive/1/505254/100/0/threaded

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securityfocus.com/archive/1/512019/100/0/threaded

http://www.securityfocus.com/bid/35647

http://www.ubuntu.com/usn/usn-807-1

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2009/1866

http://www.vupen.com/english/advisories/2009/3316

https://bugs.launchpad.net/bugs/cve/2009-1895

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11768

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7826

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9453

https://rhn.redhat.com/errata/RHSA-2009-1540.html

https://rhn.redhat.com/errata/RHSA-2009-1550.html

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00166.html

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00223.html

Details

Source: MITRE

Published: 2009-07-16

Updated: 2018-11-08

Type: CWE-16

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89117 | VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check) | Nessus | Misc. | critical |
| 79507 | OracleVM 2.2 : kernel (OVMSA-2013-0039) | Nessus | OracleVM Local Security Checks | high |
| 79461 | OracleVM 2.1 : kernel (OVMSA-2009-0017) | Nessus | OracleVM Local Security Checks | high |
| 67955 | Oracle Linux 3 : kernel (ELSA-2009-1550) | Nessus | Oracle Linux Local Security Checks | high |
| 67953 | Oracle Linux 5 : kernel (ELSA-2009-1548) | Nessus | Oracle Linux Local Security Checks | high |
| 67952 | Oracle Linux 4 : kernel (ELSA-2009-1541) | Nessus | Oracle Linux Local Security Checks | high |
| 67925 | Oracle Linux 4 : kernel (ELSA-2009-1438) | Nessus | Oracle Linux Local Security Checks | high |
| 67904 | Oracle Linux 5 : kernel (ELSA-2009-1193) | Nessus | Oracle Linux Local Security Checks | high |
| 67070 | CentOS 3 : kernel (CESA-2009:1550) | Nessus | CentOS Local Security Checks | high |
| 67068 | CentOS 5 : kernel (CESA-2009:1548) | Nessus | CentOS Local Security Checks | high |
| 67067 | CentOS 4 : kernel (CESA-2009:1541) | Nessus | CentOS Local Security Checks | high |
| 63915 | RHEL 5 : kernel (RHSA-2010:0079) | Nessus | Red Hat Local Security Checks | critical |
| 60688 | Scientific Linux Security Update : kernel on SL3.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60634 | Scientific Linux Security Update : kernel for SL 5.x on i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 47150 | VMSA-2010-0010 : ESX 3.5 third-party update for Service Console kernel | Nessus | VMware ESX Local Security Checks | high |
| 44710 | Debian DSA-1845-1 : linux-2.6 - denial of service, privilege escalation | Nessus | Debian Local Security Checks | high |
| 44709 | Debian DSA-1844-1 : linux-2.6.24 - denial of service/privilege escalation | Nessus | Debian Local Security Checks | high |
| 43790 | CentOS 4 : kernel (CESA-2009:1438) | Nessus | CentOS Local Security Checks | high |
| 43773 | CentOS 5 : kernel (CESA-2009:1193) | Nessus | CentOS Local Security Checks | high |
| 42870 | VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components. | Nessus | VMware ESX Local Security Checks | medium |
| 42360 | RHEL 3 : kernel (RHSA-2009:1550) | Nessus | Red Hat Local Security Checks | high |
| 42358 | RHEL 5 : kernel (RHSA-2009:1548) | Nessus | Red Hat Local Security Checks | high |
| 42357 | RHEL 4 : kernel (RHSA-2009:1541) | Nessus | Red Hat Local Security Checks | high |
| 42284 | Mandriva Linux Security Advisory : kernel (MDVSA-2009:289) | Nessus | Mandriva Local Security Checks | high |
| 40998 | RHEL 4 : kernel (RHSA-2009:1438) | Nessus | Red Hat Local Security Checks | high |
| 40783 | openSUSE Security Update : kernel (kernel-1211) | Nessus | SuSE Local Security Checks | high |
| 40487 | RHEL 5 : kernel (RHSA-2009:1193) | Nessus | Red Hat Local Security Checks | high |
| 40482 | Fedora 10 : kernel-2.6.27.29-170.2.78.fc10 (2009-8264) | Nessus | Fedora Local Security Checks | high |
| 40481 | Fedora 11 : kernel-2.6.29.6-217.2.3.fc11 (2009-8144) | Nessus | Fedora Local Security Checks | high |
| 40416 | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : linux, linux-source-2.6.15 vulnerabilities (USN-807-1) | Nessus | Ubuntu Local Security Checks | high |
| 801476 | CentOS RHSA-2009-1438 Security Check | Log Correlation Engine | Generic | high |
| 801471 | CentOS RHSA-2009-1193 Security Check | Log Correlation Engine | Generic | high |