CVE		CVE-2009-1895
Status		UNKNOWN
Description		The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).
Severity		High
CVSS score		7,2
CVSS vector		(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Phase		ASSIGNED (06.09.2011)
NVD:		http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1895
References		BID : 35647
		BUGTRAQ : 20090724 rPSA-2009-0111-1 kernel
		BUGTRAQ : 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
		BUGTRAQ : 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel
		CONFIRM : http://git.kernel.org/?p=linux/kernel/git/torvalds...
		CONFIRM : http://patchwork.kernel.org/patch/32598/
		CONFIRM : http://wiki.rpath.com/Advisories:rPSA-2009-0111
		CONFIRM : http://www.kernel.org/pub/linux/kernel/v2.6/testin...
		CONFIRM : http://www.vmware.com/security/advisories/VMSA-200...
		CONFIRM : https://bugs.launchpad.net/bugs/cve/2009-1895
		DEBIAN : DSA-1844
		DEBIAN : DSA-1845
		FEDORA : FEDORA-2009-8144
		FEDORA : FEDORA-2009-8264
		MISC : http://blog.cr0.org/2009/06/bypassing-linux-null-p...
		OSVDB : 55807
		OVAL : oval:org.mitre.oval:def:11768
		OVAL : oval:org.mitre.oval:def:7826
		OVAL : oval:org.mitre.oval:def:9453
		REDHAT : RHSA-2009:1193
		REDHAT : RHSA-2009:1438
		REDHAT : RHSA-2009:1540
		REDHAT : RHSA-2009:1550
		SECUNIA : 35801
		SECUNIA : 36045
		SECUNIA : 36051
		SECUNIA : 36054
		SECUNIA : 36116
		SECUNIA : 36131
		SECUNIA : 36759
		SECUNIA : 37471
		UBUNTU : USN-807-1
		VUPEN : ADV-2009-1866
		VUPEN : ADV-2009-3316
SecurityVulns:		Linux kernel privilege escalation