oss-sec mailing list archives
CVE request: kernel: /proc/$pid/ leaks contents across setuid exec
From: Kees Cook <kees () ubuntu com>
Date: Thu, 24 Feb 2011 15:57:06 -0800
Hi, I'd like to get a CVE assigned for this information leak issue: https://lkml.org/lkml/2011/2/7/368 Pre-opened file descriptors in /proc/$pid/ can bypass DAC allowing visibility into setuid process state, especially leaking ASLR offset. Thanks, -Kees -- Kees Cook Ubuntu Security Team
Current thread:
- CVE request: kernel: /proc/$pid/ leaks contents across setuid exec Kees Cook (Feb 24)
- Re: CVE request: kernel: /proc/$pid/ leaks contents across setuid exec Eugene Teo (Feb 24)