retired/CVE-2019-11191


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

Description: ASLR bypass for setuid binaries (for fs/binfmt_aout.c)
References:
 https://www.openwall.com/lists/oss-security/2019/04/03/4
 https://www.openwall.com/lists/oss-security/2019/04/03/4/1
Notes:
 carnil> CVE is for the issue in binfmt_aout.c specifically.
 carnil> Upstream plans to deprecate a.out format.
 bwh> Only ELF supports ASLR.
Bugs:
upstream: N/A "Invalid"
4.19-upstream-stable: N/A "Invalid"
4.9-upstream-stable: N/A "Invalid"
3.16-upstream-stable: N/A "Invalid"
sid: N/A "Invalid"
4.9-stretch-security: N/A "Invalid"
3.16-jessie-security: N/A "Invalid"