[kernel-sec-discuss] r1559 - active
Michael Gilbert
gilbert-guest at alioth.debian.org
Mon Nov 2 15:51:50 UTC 2009
Author: gilbert-guest
Date: 2009-11-02 15:51:50 +0000 (Mon, 02 Nov 2009)
New Revision: 1559
Added:
active/CVE-2009-3725
Log:
new issue
Added: active/CVE-2009-3725
===================================================================
--- active/CVE-2009-3725 (rev 0)
+++ active/CVE-2009-3725 2009-11-02 15:51:50 UTC (rev 1559)
@@ -0,0 +1,16 @@
+Candidate: CVE-2009-3725
+Description:
+ certain priviledged routines can be executed by an unpriviledged user, potentially
+ leading to arbitrary code execution as the priviledged user
+References:
+ http://www.openwall.com/lists/oss-security/2009/11/02/1
+ http://xorl.wordpress.com/2009/10/31/linux-kernel-multiple-capabilities-missing-checks/
+Notes:
+ multiple issues that were introduced and fixed in various versions of the kernel
+ (i'm not sure how cases like this should be tracked)
+Bugs:
+upstream: released (2.6.31-rc1,2.6.31-rc3), pending (staging)
+linux-2.6:
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
More information about the kernel-sec-discuss
mailing list