oss-sec mailing list archives

Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling

From: Eugene Teo <eugene () redhat com>
Date: Thu, 19 Jan 2012 12:05:42 +0800

On 01/19/2012 04:43 AM, Kees Cook wrote:

What's the problem with the old logic in the mem handling? (Why does this
need a CVE?)


This is a possible local privilege escalation issue on a system with
ASLR disabled, combined with other exploitation techniques.

Eugene

Current thread:

CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 17)
- Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Kurt Seifried (Jan 17)
  - Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 17)
- Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Kees Cook (Jan 18)
  - Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 18)
    - Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 20)
    - Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 23)
- Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Solar Designer (Jan 22)
  - Message not available
    - Message not available
    - Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Jason A. Donenfeld (Jan 22)
  - Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Solar Designer (Jan 22)
  - Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 22)