[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: kernel: /proc/$pid/ leaks contents
From:       Eugene Teo <eugene () redhat ! com>
Date:       2011-02-25 0:15:04
Message-ID: 4D66F488.5000809 () redhat ! com
[Download RAW message or body]

On 02/25/2011 07:57 AM, Kees Cook wrote:
> Hi,
>
> I'd like to get a CVE assigned for this information leak issue:
> https://lkml.org/lkml/2011/2/7/368
>
> Pre-opened file descriptors in /proc/$pid/ can bypass DAC allowing
> visibility into setuid process state, especially leaking ASLR offset.

Please use CVE-2011-1020.

Eugene
-- 
Eugene Teo / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]