PT-2009-5086 · Linux · Linux Kernel

Kees Cook

+1

·

Publicado

2009-08-14

·

Atualizado

2017-08-17

·

CVE-2009-2691

CVSS v2.0

2.1

Baixa

VetorAV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.30.4
Description The issue allows local users to read maps and smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition. This is due to a problem in the mm for maps function in fs/proc/base.c.
Recommendations For Linux kernel versions prior to 2.6.30.4, consider upgrading to a version that contains a fix for this issue to prevent unauthorized access to sensitive files.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2009-2691
DSA-2005-1
RHSA-2009:1540

Produtos afetados

Linux Kernel