oss-sec mailing list archives

CVE-2009-0028 Linux kernel minor signal handling vulnerability


From: Eugene Teo <eugene () redhat com>
Date: Wed, 11 Mar 2009 08:34:24 +0800

Reported by Chris Evans:
It's a relatively minor signal issue where a child can send its parent process an arbitrary signal, even if the parent has a totally separate real and effective user id. This could be a nuisance in the case where long-running root daemons spawn direct child processes owned by untrusted users [*]. There may even be worse consequences if privileged processes have weak signal handling code for signals not normally triggerable by untrusted users.

This is fixed in upstream kernel - 2d5516cbb9d

References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0028
http://scary.beasts.org/security/CESA-2009-002.html
http://scarybeastsecurity.blogspot.com/2009/02/linux-kernel-minor-signal-vulnerability.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2d5516cbb9daf7d0e342a2e3b0fc6f8c39a81205

Thanks, Eugene
--
Eugene Teo / Red Hat Security Response Team
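
The report above notes that privileged processes may have weak handling code for signals not normally triggerable by untrusted users. The following is an added example, not code from the advisory or from the kernel fix: one way for a daemon to check the sender recorded in siginfo_t before acting on a control signal. The policy and all function and variable names are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed policy for this example: honour a control signal only when it was
 * sent explicitly with kill()/sigqueue() by root or by the daemon's own uid.
 * Anything else, including kernel-generated child notifications (si_code
 * CLD_*), is rejected. */
static int sender_is_trusted(const siginfo_t *si, uid_t self)
{
    if (si == NULL)
        return 0;
    if (si->si_code != SI_USER && si->si_code != SI_QUEUE)
        return 0;
    return si->si_uid == 0 || si->si_uid == self;
}

static volatile sig_atomic_t reload_requested; /* set for accepted signals */
static volatile sig_atomic_t rejected_signals; /* counted for later logging */

/* Handler only sets flags; getuid() is async-signal-safe. */
static void on_control_signal(int sig, siginfo_t *si, void *ctx)
{
    (void)sig;
    (void)ctx;
    if (sender_is_trusted(si, getuid()))
        reload_requested = 1;
    else
        rejected_signals++;
}

/* SA_SIGINFO is required, otherwise the handler receives no sender data. */
static int install_control_handler(int sig)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_control_signal;
    sa.sa_flags = SA_SIGINFO | SA_RESTART;
    sigemptyset(&sa.sa_mask);
    return sigaction(sig, &sa, NULL);
}
```

The main loop would poll `reload_requested` and log `rejected_signals`; the check is defence in depth for the daemon and does not replace the kernel fix referenced above.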

