[kernel-sec-discuss] r1550 - active
Michael Gilbert
gilbert-guest at alioth.debian.org
Mon Oct 26 21:47:08 UTC 2009
Author: gilbert-guest
Date: 2009-10-26 21:47:08 +0000 (Mon, 26 Oct 2009)
New Revision: 1550
Added:
active/CVE-2009-file-permission-bypass
Log:
new issue
Added: active/CVE-2009-file-permission-bypass
===================================================================
--- active/CVE-2009-file-permission-bypass (rev 0)
+++ active/CVE-2009-file-permission-bypass 2009-10-26 21:47:08 UTC (rev 1550)
@@ -0,0 +1,16 @@
+Candidate:
+Description:
+ file permissions can be circumvented via information in /proc
+References:
+ http://securityfocus.com/archive/1/507386/30/30/threaded
+Notes:
+ from discussion on bugtraq, it appears that this problem is exposed because of some
+ debian-specific patches (upstream is not affected). at this point, i am noting the
+ issue because there appears to be something to it, but i have not studied it in
+ detail nor verified any claims.
+Bugs:
+upstream:
+linux-2.6:
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
More information about the kernel-sec-discuss
mailing list