Upstream information
Description
The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protection mechanism by leveraging a predictable base address for one of these libraries.SUSE information
Overall state of this security issue: Resolved
This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.
| National Vulnerability Database | |
|---|---|
| Base Score | 1.9 |
| Vector | AV:L/AC:M/Au:N/C:N/I:P/A:N |
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | Partial |
| Availability Impact | None |
Note from the SUSE Security Team
This issue is a flaw in a Redhat specific ASLR variant, which is not included in SUSE Linux and openSUSE Kernels. So we are not affected by this problem. SUSE Bugzilla entry: 753040 [RESOLVED / UPSTREAM] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Fri Jun 28 12:34:09 2013CVE page last modified: Fri Oct 7 12:46:14 2022