diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2010-03-04 23:30:06 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2010-03-04 23:30:06 +0000 |
commit | 8b89b4be7cf2cf2a85f2e5521046e5a53d6a90dc (patch) | |
tree | 0decae468ee0fa9b8f7e02de08dd13641f90fb2d /retired/CVE-2009-2695 | |
parent | 24f2bb5a17a5d17d4346de3a08e222f5d7791003 (diff) |
retire issues
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1759 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2009-2695')
-rw-r--r-- | retired/CVE-2009-2695 | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/retired/CVE-2009-2695 b/retired/CVE-2009-2695 new file mode 100644 index 00000000..307fc3b4 --- /dev/null +++ b/retired/CVE-2009-2695 @@ -0,0 +1,21 @@ +Candidate: CVE-2009-2695 +Description: + The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that + target page zero and other low memory addresses, which allows local users to gain + privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) + the default configuration of the allow_unconfined_mmap_low boolean in SELinux on + Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes + allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a + requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) + interaction between the mmap_min_addr protection mechanism and certain application + programs. +References: + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2695 +Ubuntu-Description: +Notes: +Bugs: +upstream: released (2.6.31-rc7) +linux-2.6: released (2.6.31-1) +2.6.18-etch-security: N/A "no mmap_min_addr" +2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/security-use-mmap_min_addr-independently-of-security-models.patch, bugfix/all/selinux-call-cap_file_mmap-in-selinux_file_mmap.patch, bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch, bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch, bugfix/all/security-define-round_hint_to_min-when-CONFIG_SECURITY-is-off.patch] +2.6.26-lenny-security: released (2.6.26-19lenny1) [bugfix/all/security-use-mmap_min_addr-independently-of-security-models.patch, bugfix/all/selinux-call-cap_file_mmap-in-selinux_file_mmap.patch, bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch, bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch, bugfix/all/security-define-round_hint_to_min-when-CONFIG_SECURITY-is-off.patch] |