CVE-2009-2691
Published Aug 14, 2009
Last updated a year ago
Overview
- Description
- The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Vendor comments
- Red Hat: The Red Hat Security Response Team has rated this issue as having moderate security impact. We currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, and 5 as it is not possible to trigger the information leak if the suid_dumpable tunable is set to zero (which is the default). It was addressed in Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1540.html
Configurations
Vulnerable CPE matches (one node, operator OR, negate: false):
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (versionEndIncluding 2.6.30.4; matchCriteriaId 63524387-5057-465B-AC04-C7C5CAEAE73A)
- cpe:2.3:o:linux:linux_kernel:2.6.30:*:*:*:*:*:*:* (matchCriteriaId 10E55450-F6D9-483C-9CC8-E651E5A12AB1)
- cpe:2.3:o:linux:linux_kernel:2.6.30:rc1:*:*:*:*:*:* (matchCriteriaId 45273823-29EA-44DE-8444-3933402C5793)
- cpe:2.3:o:linux:linux_kernel:2.6.30:rc2:*:*:*:*:*:* (matchCriteriaId 88F60E74-09DB-4D4A-B922-4A46EED0EC20)
- cpe:2.3:o:linux:linux_kernel:2.6.30:rc3:*:*:*:*:*:* (matchCriteriaId E242D3DE-D1DC-406A-BCC3-C4380B7EC369)
- cpe:2.3:o:linux:linux_kernel:2.6.30:rc5:*:*:*:*:*:* (matchCriteriaId 8598D6E5-0C5C-4A31-841A-C12801DB7D91)
- cpe:2.3:o:linux:linux_kernel:2.6.30:rc6:*:*:*:*:*:* (matchCriteriaId 59800B0A-477B-42F8-A58A-5144F455AE01)
- cpe:2.3:o:linux:linux_kernel:2.6.30:rc7-git6:*:*:*:*:*:* (matchCriteriaId F166BF6B-BFB0-4206-BD59-179701572F1C)
- cpe:2.3:o:linux:linux_kernel:2.6.30.1:*:*:*:*:*:*:* (matchCriteriaId 99AC6D46-A0BF-4F1D-88BB-03BF74FDB84F)
- cpe:2.3:o:linux:linux_kernel:2.6.30.2:*:*:*:*:*:*:* (matchCriteriaId CC40B6DE-09D9-422B-965B-7EB9F6661DEB)