oss-sec mailing list archives
Re: CVE request: kernel: /proc/$pid/ leaks contents across setuid exec
From: Eugene Teo <eugene () redhat com>
Date: Fri, 25 Feb 2011 08:15:04 +0800
On 02/25/2011 07:57 AM, Kees Cook wrote:
Hi, I'd like to get a CVE assigned for this information leak issue: https://lkml.org/lkml/2011/2/7/368 Pre-opened file descriptors in /proc/$pid/ can bypass DAC allowing visibility into setuid process state, especially leaking ASLR offset.
Please use CVE-2011-1020. Eugene -- Eugene Teo / Red Hat Security Response Team
Current thread:
- CVE request: kernel: /proc/$pid/ leaks contents across setuid exec Kees Cook (Feb 24)
- Re: CVE request: kernel: /proc/$pid/ leaks contents across setuid exec Eugene Teo (Feb 24)