CVE-2009-1895


Severity : High
Published : 2009-07-16
Modified : 2013-07-06
Base Score : 7.2
Details : The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).
Product/Version : MVL6 Kernel 2.6.27  
Consumer Mobilinux 5.0.24  
Professional PRO 5.0.24  
MVL5 Kernel 2.6.24  
MVL5 Kernel 2.6.29  
Pro 4.x  
CGE 4.x  
Mobilinux 4.x  
Professional PRO 5.0  
CGE 5.x  
Mobilinux 5.x  
MVL6 Kernel 2.6.24  
 
 
 
