Re: [oss-security] Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access)

On Thu, Feb 9, 2012 at 00:03, Djalal Harouni <tixxdz@opendz.org> wrote:

> Hi Solar, Jason,
>
> Nice one Jason, and I've also found this according to this tweet:
> http://twitter.com/#!/tixxdz/status/165818331092365312

http://git.zx2c4.com/CVE-2012-0056/commit/?id=105eded1abc03c5610cf912d4939809b2f06627e

2012-01-25 (for the record)

probably this has been known by a lot of folks for a while though

• This message: [ Message body ]
• Next message: Jason A. Donenfeld: "Re: [oss-security] Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access)"
• Previous message: Kurt Seifried: "Re: [oss-security] CVE request: apr - Hash DoS vulnerability"
• In reply to: Djalal Harouni: "Re: [oss-security] Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access)"
• Next in thread: Jason A. Donenfeld: "Re: [oss-security] Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access)"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]