CVE-2007-3848

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG).

🔗 References (84)

• secalert@redhathttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3848
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html
• secalert@redhathttp://marc.info/?l=bugtraq&m=118711306802632&w=2
• secalert@redhathttp://marc.info/?l=openwall-announce&m=118710356812637&w=2
• secalert@redhathttp://secunia.com/advisories/26450
• secalert@redhathttp://secunia.com/advisories/26500
• secalert@redhathttp://secunia.com/advisories/26643
• secalert@redhathttp://secunia.com/advisories/26651
• secalert@redhathttp://secunia.com/advisories/26664
• secalert@redhathttp://secunia.com/advisories/27212
• secalert@redhathttp://secunia.com/advisories/27227
• secalert@redhathttp://secunia.com/advisories/27322
• secalert@redhathttp://secunia.com/advisories/27436
• secalert@redhathttp://secunia.com/advisories/27747