CVE Reference: CVE-2009-1337

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2009-1337

Description:
The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.

CVE Status:
Candidate

References:

UBUNTU
  http://www.ubuntu.com/usn/usn-793-1

SUSE
  http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.html
  http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
  http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
  http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html

ST
  1022141

SAID
  Secunia Advisory: SA35120
  Secunia Advisory: SA35160
  Secunia Advisory: SA35226
  Secunia Advisory: SA35185
  Secunia Advisory: SA35121
  Secunia Advisory: SA35015
  Secunia Advisory: SA35011
  Secunia Advisory: SA34981
  Secunia Advisory: SA34917
  Secunia Advisory: SA35390
  Secunia Advisory: SA35394
  Secunia Advisory: SA35387
  Secunia Advisory: SA37471
  Secunia Advisory: SA35656
  Secunia Advisory: SA35324

REDHAT
  http://www.redhat.com/support/errata/RHSA-2009-0451.html
  http://rhn.redhat.com/errata/RHSA-2009-0473.html
  http://www.redhat.com/support/errata/RHSA-2009-1024.html
  http://www.redhat.com/support/errata/RHSA-2009-1077.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8295
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11206
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10919

MLIST
  http://marc.info/?l=linux-kernel&m=123560588713763&w=2
  http://www.openwall.com/lists/oss-security/2009/04/07/1
  http://www.openwall.com/lists/oss-security/2009/04/17/3

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDVSA-2009:135
  http://www.mandriva.com/security/advisories?name=MDVSA-2009:119

FEDORA

DEBIAN
  http://www.debian.org/security/2009/dsa-1787
  http://www.debian.org/security/2009/dsa-1794
  http://www.debian.org/security/2009/dsa-1800

CONFIRM
  http://www.vmware.com/security/advisories/VMSA-2009-0016.html
  http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.30-rc1
  http://patchwork.kernel.org/patch/16544/
  http://wiki.rpath.com/Advisories:rPSA-2009-0084
  http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=432870dab85a2f69dc417022646cb9a70acf7f94

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/512019/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/503610/100/0/threaded

BID
  34405


© 2002-2013 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144