CVE-2009-1895


Severity : High
Published : 2009-07-16
Modified : 2013-07-06
Base Score : 7.2
Details : The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).
Product/Version : MVL6 Kernel 2.6.27  
Consumer Mobilinux 5.0.24  
Professional PRO 5.0.24  
MVL5 Kernel 2.6.24  
MVL5 Kernel 2.6.24  
MVL5 Kernel 2.6.29  
Pro 4.x  
CGE 4.x  
Mobilinux 4.x  
Professional PRO 5.0  
Professional PRO 5.0  
CGE 5.x  
Mobilinux 5.x  
 
 
 


CVE Vulnerabilities List CVE-2009
CVE-2009-5064CVE-2009-5029CVE-2009-4895CVE-2009-4881
CVE-2009-4880CVE-2009-4537CVE-2009-4410CVE-2009-4377
CVE-2009-4355CVE-2009-4308CVE-2009-4307CVE-2009-4272
CVE-2009-4141CVE-2009-4135CVE-2009-4134CVE-2009-4131
CVE-2009-4029CVE-2009-4022CVE-2009-4021CVE-2009-4020
CVE-2009-4017CVE-2009-4005CVE-2009-3889CVE-2009-3767
CVE-2009-3736CVE-2009-3726CVE-2009-3720CVE-2009-3639
CVE-2009-3621CVE-2009-3620CVE-2009-3612CVE-2009-3563
CVE-2009-3560CVE-2009-3559CVE-2009-3558CVE-2009-3557
CVE-2009-3555CVE-2009-3550CVE-2009-3547CVE-2009-3490
CVE-2009-3245CVE-2009-3238CVE-2009-3230CVE-2009-3228
CVE-2009-3095CVE-2009-3094CVE-2009-3080CVE-2009-3002
CVE-2009-3001CVE-2009-2910CVE-2009-2909CVE-2009-2908
CVE-2009-2903CVE-2009-2849CVE-2009-2848CVE-2009-2847
CVE-2009-2730CVE-2009-2563CVE-2009-2562CVE-2009-2560
CVE-2009-2417CVE-2009-2412CVE-2009-2409CVE-2009-2042
CVE-2009-1961CVE-2009-1895CVE-2009-1891CVE-2009-1890
CVE-2009-1885CVE-2009-1632CVE-2009-1630CVE-2009-1574
CVE-2009-1417CVE-2009-1389CVE-2009-1387CVE-2009-1386
CVE-2009-1378CVE-2009-1377CVE-2009-1337CVE-2009-1297
CVE-2009-1269CVE-2009-1268CVE-2009-1267CVE-2009-1265
CVE-2009-1252CVE-2009-1210CVE-2009-1196CVE-2009-1195
CVE-2009-1194CVE-2009-1192CVE-2009-0949CVE-2009-0887
CVE-2009-0859CVE-2009-0835CVE-2009-0834CVE-2009-0798
CVE-2009-0791CVE-2009-0778CVE-2009-0316CVE-2009-0217
CVE-2009-0163CVE-2009-0159CVE-2009-0028CVE-2009-0021