CVE-2009-1895


Severity : High
Published : 2009-07-16
Modified : 2013-07-06
Base Score : 7.2
Details : The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).
Product/Version : MVL6 Kernel 2.6.27  
Consumer Mobilinux 5.0.24  
Professional PRO 5.0.24  
MVL5 Kernel 2.6.24  
MVL5 Kernel 2.6.24  
MVL5 Kernel 2.6.29  
Pro 4.x  
CGE 4.x  
Mobilinux 4.x  
Professional PRO 5.0  
Professional PRO 5.0  
CGE 5.x  
Mobilinux 5.x  
MVL6 Kernel 2.6.24  
 
 
 

CVE Vulnerabilities List CVE-2009

CVE-2009-0021CVE-2009-0028CVE-2009-0159CVE-2009-0163
CVE-2009-0316CVE-2009-0778CVE-2009-0791CVE-2009-0798
CVE-2009-0834CVE-2009-0835CVE-2009-0859CVE-2009-0949
CVE-2009-1192CVE-2009-1194CVE-2009-1195CVE-2009-1196
CVE-2009-1210CVE-2009-1252CVE-2009-1265CVE-2009-1267
CVE-2009-1268CVE-2009-1269CVE-2009-1297CVE-2009-1337
CVE-2009-1377CVE-2009-1378CVE-2009-1389CVE-2009-1417
CVE-2009-1574CVE-2009-1630CVE-2009-1632CVE-2009-1885
CVE-2009-1890CVE-2009-1891CVE-2009-1895CVE-2009-1961
CVE-2009-2042CVE-2009-2409CVE-2009-2412CVE-2009-2417
CVE-2009-2560CVE-2009-2562CVE-2009-2563CVE-2009-2730
CVE-2009-2847CVE-2009-2848CVE-2009-2849CVE-2009-2903
CVE-2009-2908CVE-2009-2909CVE-2009-2910CVE-2009-3001
CVE-2009-3002CVE-2009-3080CVE-2009-3095CVE-2009-3228
CVE-2009-3230CVE-2009-3238CVE-2009-3245CVE-2009-3490
CVE-2009-3547CVE-2009-3550CVE-2009-3555CVE-2009-3557
CVE-2009-3558CVE-2009-3559CVE-2009-3560CVE-2009-3563
CVE-2009-3612CVE-2009-3620CVE-2009-3621CVE-2009-3639
CVE-2009-3720CVE-2009-3726CVE-2009-3736CVE-2009-3767
CVE-2009-3889CVE-2009-4005CVE-2009-4017CVE-2009-4020
CVE-2009-4021CVE-2009-4022CVE-2009-4029CVE-2009-4131
CVE-2009-4134CVE-2009-4135CVE-2009-4141CVE-2009-4272
CVE-2009-4307CVE-2009-4308CVE-2009-4355CVE-2009-4377
CVE-2009-4410CVE-2009-4537CVE-2009-4880CVE-2009-4881
CVE-2009-4895CVE-2009-5029CVE-2009-5064