[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-1388Date: (C)2009-07-05   (M)2024-02-23


The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping thread.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.5CVSS Score : 4.9
Exploit Score: 1.8Exploit Score: 3.9
Impact Score: 3.6Impact Score: 6.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: LOCAL
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: COMPLETE
Integrity: NONE 
Availability: HIGH 
  
Reference:
http://www.securityfocus.com/archive/1/507985/100/0/threaded
BID-35559
SECUNIA-36131
SECUNIA-37471
OSVDB-55679
ADV-2009-3316
RHSA-2009:1193
http://marc.info/?l=oss-security&m=124654277229434&w=2
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
https://bugzilla.redhat.com/attachment.cgi?id=346615
https://bugzilla.redhat.com/attachment.cgi?id=346742
https://bugzilla.redhat.com/show_bug.cgi?id=504263
oval:org.mitre.oval:def:8625
oval:org.mitre.oval:def:8680

CWE    1
CWE-667
OVAL    3
oval:org.secpod.oval:def:202120
oval:org.secpod.oval:def:202169
oval:org.secpod.oval:def:500493

© SecPod Technologies