Launchpad.net

CVE 2009-1337

The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.

Related bugs and status

CVE-2009-1337 (Candidate) is related to these bugs:

Bug #371651: [Jaunty] Update kernel to Linux 2.6.28.10

Summary				In	Importance	Status
	371651	[Jaunty] Update kernel to Linux 2.6.28.10		linux (Ubuntu)	Undecided	Invalid
	371651	[Jaunty] Update kernel to Linux 2.6.28.10		linux (Ubuntu Jaunty)	Medium	Fix Released

Bug #395973: Please update kernel to version 2.6.24-26.34 to fix several security vulnerabilities

Summary				In	Importance	Status
	395973	Please update kernel to version 2.6.24-26.34 to fix several security vulnerabilities		The Dell Mini Project	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2009040...
MLIST: [oss-security] 2009041...
CONFIRM: http://git.kernel.org/...
CONFIRM: http://patchwork.kerne...
CONFIRM: http://www.kernel.org/...
CONFIRM: https://bugzilla.redha...
REDHAT: RHSA-2009:0451
SECUNIA: 34917
DEBIAN: DSA-1787
SECUNIA: 34981
DEBIAN: DSA-1794
SECUNIA: 35011
SECTRACK: 1022141
REDHAT: RHSA-2009:0473
SECUNIA: 35015
CONFIRM: http://wiki.rpath.com/...
DEBIAN: DSA-1800
MANDRIVA: MDVSA-2009:119
REDHAT: RHSA-2009:1024
SUSE: SUSE-SA:2009:028
SECUNIA: 35121
SECUNIA: 35185
FEDORA: FEDORA-2009-5356
SECUNIA: 35226
SECUNIA: 35160
REDHAT: RHSA-2009:1077
SECUNIA: 35120
SUSE: SUSE-SA:2009:030
SUSE: SUSE-SA:2009:031
SUSE: SUSE-SA:2009:032
SECUNIA: 35390
SECUNIA: 35394
BID: 34405
MANDRIVA: MDVSA-2009:135
SECUNIA: 35387
REDHAT: RHSA-2009:1550
CONFIRM: http://www.vmware.com/...
SECUNIA: 37471
VUPEN: ADV-2009-3316
UBUNTU: USN-793-1
SECUNIA: 35656
SECUNIA: 35324
MLIST: [linux-kernel] 2009022...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20090516 rPSA-2009-008...
BUGTRAQ: 20091120 VMSA-2009-001...
BUGTRAQ: 20100625 VMSA-2010-001...