CVE-2007-3848

Severity

19%

Complexity

34%

Confidentiality

48%

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG).

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG).

CVSS 2.0 Base Score 1.9. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P).

Overview

First reported 17 years ago

2007-08-14 17:17:00

Last updated 6 years ago

2018-10-15 21:31:00

Affected Software

Linux Kernel

References

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3848

SUSE-SA:2008:006

SUSE-SA:2008:017

20070814 COSEINC Linux Advisory #1: Linux Kernel Parent Process DeathSignal Vulnerability

[openwall-announce] 20070814 Linux 2.4.35-ow2

26450

26500

26643

26651

26664

27212

27227

27322

27436

27747

27913

28806

29058

29570

33280

http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm

DSA-1356

DSA-1503

DSA-1504

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.4

MDKSA-2007:195

MDKSA-2007:196

SUSE-SA:2007:053

RHSA-2007:0939

RHSA-2007:0940

RHSA-2007:1049

RHSA-2008:0787

20070814 COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability

20070814 Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability

20070815 Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability

20070816 Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability

25387

USN-508-1

USN-509-1

USN-510-1

https://issues.rpath.com/browse/RPL-1648

oval:org.mitre.oval:def:10120

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.