CVE-2009-1337 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2009-1337

CVE-2009-1337

April 22, 2009

The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.

Related Resources (51)

http://www.securityfocus.com/archive/1/503610/100/0/threaded

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html

http://www.debian.org/security/2009/dsa-1787

http://secunia.com/advisories/35394

http://secunia.com/advisories/35121

http://secunia.com/advisories/35011

http://secunia.com/advisories/35185

http://www.redhat.com/support/errata/RHSA-2009-0451.html

https://bugzilla.redhat.com/show_bug.cgi?id=493771

http://wiki.rpath.com/Advisories:rPSA-2009-0084

http://www.openwall.com/lists/oss-security/2009/04/07/1

http://www.openwall.com/lists/oss-security/2009/04/17/3

http://www.securitytracker.com/id?1022141

http://www.securityfocus.com/archive/1/507985/100/0/threaded

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11206

https://people.canonical.com/~ubuntu-security/cve/CVE-2009-1337

http://secunia.com/advisories/35324

http://secunia.com/advisories/35390

http://secunia.com/advisories/35656

http://secunia.com/advisories/35226

http://secunia.com/advisories/34981

http://marc.info/?l=linux-kernel&m=123560588713763&w=2

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://patchwork.kernel.org/patch/16544/

http://secunia.com/advisories/35387

http://www.redhat.com/support/errata/RHSA-2009-1024.html

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=432870dab85a2f69dc417022646cb9a70acf7f94

http://www.mandriva.com/security/advisories?name=MDVSA-2009:119

http://secunia.com/advisories/37471

http://secunia.com/advisories/35015

http://www.securityfocus.com/archive/1/512019/100/0/threaded

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8295

http://www.vupen.com/english/advisories/2009/3316

https://rhn.redhat.com/errata/RHSA-2009-1550.html

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.html

https://access.redhat.com/security/cve/CVE-2009-1337

http://secunia.com/advisories/35120

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html

http://www.ubuntu.com/usn/usn-793-1

http://www.redhat.com/support/errata/RHSA-2009-1077.html

http://www.debian.org/security/2009/dsa-1800

http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.30-rc1

http://www.debian.org/security/2009/dsa-1794

http://www.securityfocus.com/bid/34405

http://rhn.redhat.com/errata/RHSA-2009-0473.html

http://secunia.com/advisories/35160

http://www.mandriva.com/security/advisories?name=MDVSA-2009:135

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10919

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01126.html

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html

http://secunia.com/advisories/34917

Do you need more information?

CVSS v4

Base Score:

2.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

4.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

CVSS v2

Base Score:

4.4

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

EPSS

Base Score:

0.26