List: oss-security
Subject: Re: [oss-security] CVE request: kernel: /proc/$pid/ leaks contents
From: Eugene Teo <eugene () redhat ! com>
Date: 2011-02-25 0:15:04
Message-ID: 4D66F488.5000809 () redhat ! com
On 02/25/2011 07:57 AM, Kees Cook wrote:
> Hi,
>
> I'd like to get a CVE assigned for this information leak issue:
> https://lkml.org/lkml/2011/2/7/368
>
> Pre-opened file descriptors in /proc/$pid/ can bypass DAC allowing
> visibility into setuid process state, especially leaking ASLR offset.

Please use CVE-2011-1020.

Eugene
--
Eugene Teo / Red Hat Security Response Team