CVE - CVE-2009-1338

CVE-ID
CVE-2009-1338	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in all namespaces, via a kill command.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20090516 rPSA-2009-0084-1 kernel URL:http://www.securityfocus.com/archive/1/503610/100/0/threaded MLIST:[linux-kernel] 20080723 Re: [PATCH 1/2] signals: kill(-1) should only signal processes in the same namespace URL:http://lkml.org/lkml/2008/7/23/148 MLIST:[oss-security] 20090416 CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace URL:http://www.openwall.com/lists/oss-security/2009/04/16/2 MLIST:[oss-security] 20090417 Re: CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace URL:http://www.openwall.com/lists/oss-security/2009/04/17/4 MLIST:[oss-security] 20090421 Re: CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace URL:http://www.openwall.com/lists/oss-security/2009/04/21/1 CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d25141a818383b3c3b09f065698c544a7a0ec6e7 CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=496031 CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2009-0084 DEBIAN:DSA-1787 URL:http://www.debian.org/security/2009/dsa-1787 DEBIAN:DSA-1800 URL:http://www.debian.org/security/2009/dsa-1800 REDHAT:RHSA-2009:1081 URL:http://www.redhat.com/support/errata/RHSA-2009-1081.html UBUNTU:USN-793-1 URL:http://www.ubuntu.com/usn/usn-793-1 SECUNIA:34981 URL:http://secunia.com/advisories/34981 SECUNIA:35121 URL:http://secunia.com/advisories/35121 SECUNIA:35120 URL:http://secunia.com/advisories/35120 SECUNIA:35656 URL:http://secunia.com/advisories/35656 SECUNIA:35343 URL:http://secunia.com/advisories/35343 XF:kernel-killsomethinginfo-security-bypass(50386) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/50386
Assigning CNA
N/A
Date Entry Created
20090417	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090417)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org