Back to search
CVE-2009-1337
Published: Apr 22, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
35390
third-party-advisory
x_refsource_SECUNIA
MDVSA-2009:135
vendor-advisory
x_refsource_MANDRIVA
20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel
mailing-list
x_refsource_BUGTRAQ
35226
third-party-advisory
x_refsource_SECUNIA
SUSE-SA:2009:028
vendor-advisory
x_refsource_SUSE
37471
third-party-advisory
x_refsource_SECUNIA
35160
third-party-advisory
x_refsource_SECUNIA
FEDORA-2009-5356
vendor-advisory
x_refsource_FEDORA
SUSE-SA:2009:032
vendor-advisory
x_refsource_SUSE
[oss-security] 20090407 CVE request: kernel: exit_notify: kill the wrong capable(CAP_KILL) check
mailing-list
x_refsource_MLIST
35656
third-party-advisory
x_refsource_SECUNIA
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=493771
x_refsource_CONFIRM
DSA-1794
vendor-advisory
x_refsource_DEBIAN
20090516 rPSA-2009-0084-1 kernel
mailing-list
x_refsource_BUGTRAQ
SUSE-SA:2009:030
vendor-advisory
x_refsource_SUSE
[linux-kernel] 20090225 Re: [PATCH 2/2] exit_notify: kill the wrong capable(CAP_KILL) check
mailing-list
x_refsource_MLIST
35324
third-party-advisory
x_refsource_SECUNIA
35185
third-party-advisory
x_refsource_SECUNIA
35015
third-party-advisory
x_refsource_SECUNIA
http://patchwork.kernel.org/patch/16544/
x_refsource_CONFIRM
oval:org.mitre.oval:def:11206
vdb-entry
signature
x_refsource_OVAL
35011
third-party-advisory
x_refsource_SECUNIA
35120
third-party-advisory
x_refsource_SECUNIA
SUSE-SA:2009:031
vendor-advisory
x_refsource_SUSE
USN-793-1
vendor-advisory
x_refsource_UBUNTU
34981
third-party-advisory
x_refsource_SECUNIA
DSA-1800
vendor-advisory
x_refsource_DEBIAN
RHSA-2009:1077
vendor-advisory
x_refsource_REDHAT
1022141
vdb-entry
x_refsource_SECTRACK
34405
vdb-entry
x_refsource_BID
35387
third-party-advisory
x_refsource_SECUNIA
34917
third-party-advisory
x_refsource_SECUNIA
RHSA-2009:1550
vendor-advisory
x_refsource_REDHAT
DSA-1787
vendor-advisory
x_refsource_DEBIAN
RHSA-2009:1024
vendor-advisory
x_refsource_REDHAT
MDVSA-2009:119
vendor-advisory
x_refsource_MANDRIVA
[oss-security] 20090417 Re: CVE request: kernel: exit_notify: kill the wrong capable(CAP_KILL) check
mailing-list
x_refsource_MLIST
RHSA-2009:0473
vendor-advisory
x_refsource_REDHAT
http://wiki.rpath.com/Advisories:rPSA-2009-0084
x_refsource_CONFIRM
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.30-rc1
x_refsource_CONFIRM
RHSA-2009:0451
vendor-advisory
x_refsource_REDHAT
oval:org.mitre.oval:def:8295
vdb-entry
signature
x_refsource_OVAL
35121
third-party-advisory
x_refsource_SECUNIA
ADV-2009-3316
vdb-entry
x_refsource_VUPEN
35394
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:10919
vdb-entry
signature
x_refsource_OVAL
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now