Bug 516171 - (CVE-2009-2691) CVE-2009-2691 kernel: /proc/$pid/maps visible during initial setuid ELF loading
Product: Security Response
Classification: Other
Component: vulnerability
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
: Security
Depends On: 516684 516685 516686 516687 516688 516689
Reported: 2009-08-07 03:00 EDT by Eugene Teo (Security Response)
Modified: 2016-04-22 09:25 EDT
Doc Type: Bug Fix
Last Closed: 2016-04-22 09:25:17 EDT
Description Eugene Teo (Security Response) 2009-08-07 03:00:46 EDT
Description of problem:
From Kees Cook: Steve Beattie and I noticed that the /proc/$pid/maps and smaps files are readable during ELF loading for processes that a user should not normally be able to see (for example, when launching a setuid process).
Comment 16 John Kacur 2009-08-17 09:02:52 EDT
[jkacur@tycho rt.linux.git]$ git describe --contains 13f0feafa6b8aead57a2a328e2fca6a5828bf286

[jkacur@tycho rt.linux.git]$ git describe --contains 00f89d218523b9bf6b522349c039d5ac80aa536d
[jkacur@tycho rt.linux.git]$ git describe --contains 704b836cbf19e885f8366bccb2e4b0474346c02d

The current MRG V2 kernel is currently based on 2.6.31-rc6 which contains
all of the relevant commits.
Comment 18 Fedora Update System 2009-08-26 01:12:00 EDT
kernel- has been submitted as an update for Fedora 11.
Comment 19 Fedora Update System 2009-08-26 22:18:48 EDT
kernel- has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 20 errata-xmlrpc 2009-11-03 13:21:28 EST
This issue has been addressed in the following products:

  MRG for RHEL-5

Via RHSA-2009:1540 https://rhn.redhat.com/errata/RHSA-2009-1540.html
