blob: 05540cad5b8ff6b4abf08006a292258315d69f11 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
Candidate: CVE-2007-3848
References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d2d56c5f51028cb9f3d800882eb6f4cbd3f9099f
Description:
Linux kernel 2.4.35 and other versions allows local users to send
arbitrary signals to a child process that is running at higher privileges
by causing a setuid-root parent process to die, which delivers an
attacker-controlled parent process death signal (PR_SET_PDEATHSIG).
Ubuntu-Description:
It was discovered that certain setuid-root processes did not correctly
reset process death signal handlers. A local user could manipulate this
to send signals to processes they would not normally have access to.
Notes:
Bugs:
upstream: released (2.6.22.4)
linux-2.6: released (2.6.22-4)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/reset-pdeathsig-on-suid.patch]
2.6.8-sarge-security: pending (2.6.8-17sarge1) [reset-pdeathsig-on-suid.dpatch]
2.4.27-sarge-security: released (2.4.27-10sarge6) [247_reset-pdeathsig-on-suid.diff]
2.6.15-dapper-security: released (2.6.15-29.58)
2.6.17-edgy-security: released (2.6.17.1-12.40)
2.6.20-feisty-security: released (2.6.20-16.31)
|