Description: The proc filesystem implementation does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or potentially cause other integrity issues. References: https://lkml.org/lkml/2011/2/7/368 http://seclists.org/fulldisclosure/2011/Jan/421 http://openwall.com/lists/oss-security/2011/02/24/18 Acknowledgements: Red Hat would like to thank Kees Cook for reporting this issue.
Statement: Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via RHSA-2012:0007, RHSA-2011:1530 and RHSA-2011:1253 respectively.
This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2011:1253 https://rhn.redhat.com/errata/RHSA-2011-1253.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:1530 https://rhn.redhat.com/errata/RHSA-2011-1530.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:0007 https://rhn.redhat.com/errata/RHSA-2012-0007.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6.1 EUS - Server Only Via RHSA-2012:0116 https://rhn.redhat.com/errata/RHSA-2012-0116.html