CVE-2009-2691

Impact:
Moderate
Public Date:
2009-07-10
Bugzilla:
516171: CVE-2009-2691 kernel: /proc/$pid/maps visible during initial setuid ELF loading

The MITRE CVE dictionary describes this issue as:

The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition.

Find out more about CVE-2009-2691 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

The Red Hat Security Response Team has rated this issue as having moderate security impact.

We currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, and 5 as it is not possible to trigger the information leak if the suid_dumpable tunable is set to zero (which is the default).

It was addressed in Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1540.html

CVSS v2 metrics

Base Score 2.1
Base Metrics AV:L/AC:L/Au:N/C:P/I:N/A:N
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
MRG Grid for RHEL 5 Server (kernel-rt) RHSA-2009:1540 2009-11-03

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.