oss-sec mailing list archives
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling
From: Eugene Teo <eugene () redhat com>
Date: Tue, 24 Jan 2012 10:13:13 +0800
On 01/20/2012 10:52 PM, Eugene Teo wrote:
On 01/19/2012 12:05 PM, Eugene Teo wrote:On 01/19/2012 04:43 AM, Kees Cook wrote:What's the problem with the old logic in the mem handling? (Why does this need a CVE?)This is a possible local privilege escalation issue on a system with ASLR disabled, combined with other exploitation techniques.Detailed information can be found here, https://access.redhat.com/kb/docs/DOC-69129
We have released an update for Red Hat Enterprise Linux 6, https://rhn.redhat.com/errata/RHSA-2012-0052.html. Please update the kernel as soon as possible. PS: On Red Hat Enterprise Linux 6, /bin/su (coreutils) and /usr/bin/gpasswd (shadow-utils) are protected at compile time by PIE. Thanks, Eugene
Current thread:
- CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 17)
- Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Kurt Seifried (Jan 17)
- Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 17)
- Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Kees Cook (Jan 18)
- Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 18)
- Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 20)
- Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 23)
- Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 18)
- Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Kurt Seifried (Jan 17)
- Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Solar Designer (Jan 22)
- Message not available
- Message not available
- Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Jason A. Donenfeld (Jan 22)
- Message not available
- Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Solar Designer (Jan 22)
- Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 22)