CVE-2009-1895


Severity : High
Published : 2009-07-16
Modified : 2013-07-06
Base Score : 7.2
Details : The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).
Product/Version : MVL6 Kernel 2.6.27  
Consumer Mobilinux 5.0.24  
Professional PRO 5.0.24  
MVL5 Kernel 2.6.24  
MVL5 Kernel 2.6.24  
MVL5 Kernel 2.6.29  
Pro 4.x  
CGE 4.x  
Mobilinux 4.x  
Professional PRO 5.0  
Professional PRO 5.0  
CGE 5.x  
Mobilinux 5.x  
MVL6 Kernel 2.6.24  
 
 
 

CVE Vulnerabilities List CVE-2009

CVE-2009-0021CVE-2009-0028CVE-2009-0159CVE-2009-0163
CVE-2009-0217CVE-2009-0316CVE-2009-0778CVE-2009-0791
CVE-2009-0798CVE-2009-0834CVE-2009-0835CVE-2009-0859
CVE-2009-0887CVE-2009-0949CVE-2009-1192CVE-2009-1194
CVE-2009-1195CVE-2009-1196CVE-2009-1210CVE-2009-1252
CVE-2009-1265CVE-2009-1267CVE-2009-1268CVE-2009-1269
CVE-2009-1297CVE-2009-1337CVE-2009-1377CVE-2009-1378
CVE-2009-1386CVE-2009-1387CVE-2009-1389CVE-2009-1417
CVE-2009-1574CVE-2009-1630CVE-2009-1632CVE-2009-1885
CVE-2009-1890CVE-2009-1891CVE-2009-1895CVE-2009-1961
CVE-2009-2042CVE-2009-2409CVE-2009-2412CVE-2009-2417
CVE-2009-2560CVE-2009-2562CVE-2009-2563CVE-2009-2730
CVE-2009-2847CVE-2009-2848CVE-2009-2849CVE-2009-2903
CVE-2009-2908CVE-2009-2909CVE-2009-2910CVE-2009-3001
CVE-2009-3002CVE-2009-3080CVE-2009-3094CVE-2009-3095
CVE-2009-3228CVE-2009-3230CVE-2009-3238CVE-2009-3245
CVE-2009-3490CVE-2009-3547CVE-2009-3550CVE-2009-3555
CVE-2009-3557CVE-2009-3558CVE-2009-3559CVE-2009-3560
CVE-2009-3563CVE-2009-3612CVE-2009-3620CVE-2009-3621
CVE-2009-3639CVE-2009-3720CVE-2009-3726CVE-2009-3736
CVE-2009-3767CVE-2009-3889CVE-2009-4005CVE-2009-4017
CVE-2009-4020CVE-2009-4021CVE-2009-4022CVE-2009-4029
CVE-2009-4131CVE-2009-4134CVE-2009-4135CVE-2009-4141
CVE-2009-4272CVE-2009-4307CVE-2009-4308CVE-2009-4355
CVE-2009-4377CVE-2009-4410CVE-2009-4537CVE-2009-4880
CVE-2009-4881CVE-2009-4895CVE-2009-5029CVE-2009-5064