CVE-2009-1895
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).
Related bugs and status
CVE-2009-1895 (Candidate) is related to these bugs:
Bug #403647: compiled without -fno-delete-null-pointer-checks
Bug | Summary | In | Importance | Status
---|---|---|---|---
403647 | compiled without -fno-delete-null-pointer-checks | linux (Ubuntu) | Medium | Fix Released
403647 | compiled without -fno-delete-null-pointer-checks | linux (Ubuntu Dapper) | Undecided | Invalid
403647 | compiled without -fno-delete-null-pointer-checks | linux (Ubuntu Hardy) | Medium | Fix Released
403647 | compiled without -fno-delete-null-pointer-checks | linux (Ubuntu Jaunty) | Medium | Fix Released
403647 | compiled without -fno-delete-null-pointer-checks | linux (Ubuntu Karmic) | Medium | Fix Released
403647 | compiled without -fno-delete-null-pointer-checks | linux (Ubuntu Intrepid) | Medium | Fix Released
403647 | compiled without -fno-delete-null-pointer-checks | linux-source-2.6.15 (Ubuntu) | Undecided | Invalid
403647 | compiled without -fno-delete-null-pointer-checks | linux-source-2.6.15 (Ubuntu Dapper) | Medium | Fix Released
403647 | compiled without -fno-delete-null-pointer-checks | linux-source-2.6.15 (Ubuntu Hardy) | Undecided | Invalid
403647 | compiled without -fno-delete-null-pointer-checks | linux-source-2.6.15 (Ubuntu Intrepid) | Undecided | Invalid
403647 | compiled without -fno-delete-null-pointer-checks | linux-source-2.6.15 (Ubuntu Jaunty) | Undecided | Invalid
403647 | compiled without -fno-delete-null-pointer-checks | linux-source-2.6.15 (Ubuntu Karmic) | Undecided | Invalid
Bug #413656: Local root exploit via CVE-2009-2692 (incorrect proto_ops initializations)
See the CVE page on Mitre.org for more details.