
CVE-2009-1337
Date: (C)2009-04-22   (M)2024-02-22


The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.4
Exploit Score: 3.4
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1022141
http://www.securityfocus.com/archive/1/503610/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/archive/1/512019/100/0/threaded
BID-34405
SECUNIA-34917
SECUNIA-34981
SECUNIA-35011
SECUNIA-35015
SECUNIA-35120
SECUNIA-35121
SECUNIA-35160
SECUNIA-35185
SECUNIA-35226
SECUNIA-35324
SECUNIA-35387
SECUNIA-35390
SECUNIA-35394
SECUNIA-35656
SECUNIA-37471
ADV-2009-3316
DSA-1787
DSA-1794
DSA-1800
FEDORA-2009-5356
MDVSA-2009:119
MDVSA-2009:135
RHSA-2009:0451
RHSA-2009:0473
RHSA-2009:1024
RHSA-2009:1077
RHSA-2009:1550
SUSE-SA:2009:028
SUSE-SA:2009:030
SUSE-SA:2009:031
SUSE-SA:2009:032
USN-793-1
http://marc.info/?l=linux-kernel&m=123560588713763&w=2
http://www.openwall.com/lists/oss-security/2009/04/07/1
http://www.openwall.com/lists/oss-security/2009/04/17/3
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=432870dab85a2f69dc417022646cb9a70acf7f94
http://patchwork.kernel.org/patch/16544/
http://wiki.rpath.com/Advisories:rPSA-2009-0084
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.30-rc1
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
https://bugzilla.redhat.com/show_bug.cgi?id=493771
oval:org.mitre.oval:def:10919
oval:org.mitre.oval:def:11206
oval:org.mitre.oval:def:8295

CPE    315
cpe:/o:linux:linux_kernel:2.6.20.19
cpe:/o:linux:linux_kernel:2.6.23.1
cpe:/o:linux:linux_kernel:2.6.23.2
cpe:/o:linux:linux_kernel:2.6.23.3
...
CWE    1
CWE-264
OVAL    20
oval:org.secpod.oval:def:500560
oval:org.secpod.oval:def:202023
oval:org.secpod.oval:def:202001
oval:org.secpod.oval:def:600380
...

© SecPod Technologies