1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
PublicDateAtUSN: 2010-01-19
Candidate: CVE-2009-4141
PublicDate: 2010-01-19
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4141
http://www.ubuntu.com/usn/usn-894-1
Description:
Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in
the Linux kernel before 2.6.33-rc4-git1 allows local users to gain
privileges via vectors that include enabling O_ASYNC (aka FASYNC or
FIOASYNC) on a locked file, and then closing this file.
Ubuntu-Description:
Notes:
mdeslaur> introduced by http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=233e70f4228e78eb2f80dc6650f65d3ae3dbf17c
Bugs:
Priority: medium
Discovered-by: Tavis Ormandy
Assigned-to: ogasawara
Patches_linux-source-2.6.15:
upstream_linux-source-2.6.15: released (2.6.33~rc5)
dapper_linux-source-2.6.15: not-affected
hardy_linux-source-2.6.15: DNE
intrepid_linux-source-2.6.15: DNE
jaunty_linux-source-2.6.15: DNE
karmic_linux-source-2.6.15: DNE
devel_linux-source-2.6.15: DNE
Patches_linux:
break-fix: 233e70f4228e78eb2f80dc6650f65d3ae3dbf17c 53281b6d34d44308372d16acb7fb5327609f68b6
upstream_linux: released (2.6.33~rc5)
dapper_linux: DNE
hardy_linux: not-affected
intrepid_linux: not-affected
jaunty_linux: released (2.6.28-18.59)
karmic_linux: released (2.6.31-19.56)
devel_linux: not-affected
|