National Vulnerability Database (NVD) National Vulnerability Database (CVE-2009-1338)

National Cyber Awareness System

Vulnerability Summary for CVE-2009-1338

Original release date:04/22/2009

Last revised:03/19/2012

Source: US-CERT/NIST

Overview

The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in all namespaces, via a kill command.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:4.6 (MEDIUM) (AV:L/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 3.9

CVSS Version 2 Metrics:

Access Vector: Locally exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

Vendor Statements (disclaimer)

Official Statement from Red Hat (09/10/2009)

This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2009-1081.html .

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=496031

Type: Patch Information

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=496031

External Source: CONFIRM

Name: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28

Type: Advisory; Patch Information

Hyperlink:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28

External Source: MLIST

Name: [linux-kernel] 20080723 Re: [PATCH 1/2] signals: kill(-1) should only signal processes in the same namespace

Type: Patch Information

Hyperlink:http://lkml.org/lkml/2008/7/23/148

External Source: CONFIRM

Name: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d25141a818383b3c3b09f065698c544a7a0ec6e7

Type: Advisory; Patch Information

Hyperlink:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d25141a818383b3c3b09f065698c544a7a0ec6e7

External Source: XF

Name: kernel-killsomethinginfo-security-bypass(50386)

Hyperlink:http://xforce.iss.net/xforce/xfdb/50386

External Source: UBUNTU

Name: USN-793-1

Hyperlink:http://www.ubuntu.com/usn/usn-793-1

External Source: BUGTRAQ

Name: 20090516 rPSA-2009-0084-1 kernel

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/503610/100/0/threaded

External Source: REDHAT

Name: RHSA-2009:1081

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-1081.html

External Source: MLIST

Name: [oss-security] 20090421 Re: CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace

Hyperlink:http://www.openwall.com/lists/oss-security/2009/04/21/1

External Source: MLIST

Name: [oss-security] 20090417 Re: CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace

Hyperlink:http://www.openwall.com/lists/oss-security/2009/04/17/4

External Source: MLIST

Name: [oss-security] 20090416 CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace

Hyperlink:http://www.openwall.com/lists/oss-security/2009/04/16/2

External Source: DEBIAN

Name: DSA-1800

Hyperlink:http://www.debian.org/security/2009/dsa-1800

External Source: DEBIAN

Name: DSA-1787

Hyperlink:http://www.debian.org/security/2009/dsa-1787

External Source: CONFIRM

Name: http://wiki.rpath.com/Advisories:rPSA-2009-0084

Hyperlink:http://wiki.rpath.com/Advisories:rPSA-2009-0084

External Source: SECUNIA

Name: 35656

Hyperlink:http://secunia.com/advisories/35656

External Source: SECUNIA

Name: 35343

Hyperlink:http://secunia.com/advisories/35343

External Source: SECUNIA

Name: 35121

Hyperlink:http://secunia.com/advisories/35121

External Source: SECUNIA

Name: 35120

Hyperlink:http://secunia.com/advisories/35120

External Source: SECUNIA

Name: 34981

Hyperlink:http://secunia.com/advisories/34981

Vulnerable software and versions

Configuration 1

* cpe:/o:linux:linux_kernel:2.6.24.7

* cpe:/o:linux:linux_kernel:2.6.25.15

* cpe:/o:linux:linux_kernel:2.6.23.15

* cpe:/o:linux:linux_kernel:2.6.23.17

* cpe:/o:linux:linux_kernel:2.6.23.16

* cpe:/o:linux:linux_kernel:2.6.23.11

* cpe:/o:linux:linux_kernel:2.6.23.9

* cpe:/o:linux:linux_kernel:2.6.23.13

* cpe:/o:linux:linux_kernel:2.6.25.2

* cpe:/o:linux:linux_kernel:2.6.23.12

* cpe:/o:linux:linux_kernel:2.6.21.5

* cpe:/o:linux:linux_kernel:2.6.20.21

* cpe:/o:linux:linux_kernel:2.6.23.8

* cpe:/o:linux:linux_kernel:2.6.20.18

* cpe:/o:linux:linux_kernel:2.6.20.17

* cpe:/o:linux:linux_kernel:2.6.20.20

* cpe:/o:linux:linux_kernel:2.6.20.19

* cpe:/o:linux:linux_kernel:2.6.19.7

* cpe:/o:linux:linux_kernel:2.6.20.16

* cpe:/o:linux:linux_kernel:2.6.19.5

* cpe:/o:linux:linux_kernel:2.6.19.6

* cpe:/o:linux:linux_kernel:2.6.19.4

* cpe:/o:linux:linux_kernel:2.6.25.5

* cpe:/o:linux:linux_kernel:2.6.23_rc1

* cpe:/o:linux:linux_kernel:2.6.24_rc4

* cpe:/o:linux:linux_kernel:2.6.24_rc5

* cpe:/o:linux:linux_kernel:2.4.36.4

* cpe:/o:linux:linux_kernel:2.4.36.5

* cpe:/o:linux:linux_kernel:2.4.36.1

* cpe:/o:linux:linux_kernel:2.6.22

* cpe:/o:linux:linux_kernel:2.4.36

* cpe:/o:linux:linux_kernel:2.6.18

* cpe:/o:linux:linux_kernel:2.4.36.3

* cpe:/o:linux:linux_kernel:2.6.23

* cpe:/o:linux:linux_kernel:2.4.36.2

* cpe:/o:linux:linux_kernel:2.6.25.16

* cpe:/o:linux:linux_kernel:2.6.25.17

* cpe:/o:linux:linux_kernel:2.6.22_rc7

* cpe:/o:linux:linux_kernel:2.6.21.6

* cpe:/o:linux:linux_kernel:2.6.22_rc1

* cpe:/o:linux:linux_kernel:2.6.23.10

* cpe:/o:linux:linux_kernel:2.6.21.7

* cpe:/o:linux:linux_kernel:2.6.24_rc1

* cpe:/o:linux:linux_kernel:2.6.24.6

* cpe:/o:linux:linux_kernel:2.6.25.4

* cpe:/o:linux:linux_kernel:2.6.25.13

* cpe:/o:linux:linux_kernel:2.6.25.3

* cpe:/o:linux:linux_kernel:2.6.25.14

* cpe:/o:linux:linux_kernel:2.6.24.1

* cpe:/o:linux:linux_kernel:2.6.24

* cpe:/o:linux:linux_kernel:2.6.25.10

* cpe:/o:linux:linux_kernel:2.6.25.11

* cpe:/o:linux:linux_kernel:2.4.36.6

* cpe:/o:linux:linux_kernel:2.6.22.1

* cpe:/o:linux:linux_kernel:2.2.27

* cpe:/o:linux:linux_kernel:2.6.25.12::x86_64

* cpe:/o:linux:linux_kernel:2.6.25.11::x86_64

* cpe:/o:linux:linux_kernel:2.6.25.8::x86_64

* cpe:/o:linux:linux_kernel:2.6.25.6

* cpe:/o:linux:linux_kernel:2.6.25.7::x86_64

* cpe:/o:linux:linux_kernel:2.6.25.7

* cpe:/o:linux:linux_kernel:2.6.25.6::x86_64

* cpe:/o:linux:linux_kernel:2.6.25.5::x86_64

* cpe:/o:linux:linux_kernel:2.6.25.4::x86_64

* cpe:/o:linux:linux_kernel:2.6.25.3::x86_64

* cpe:/o:linux:linux_kernel:2.6.25.2::x86_64

* cpe:/o:linux:linux_kernel:2.6.25.10::x86_64

* cpe:/o:linux:linux_kernel:2.6.25.1::x86_64

* cpe:/o:linux:linux_kernel:2.6.18:rc5

* cpe:/o:linux:linux_kernel:2.6.18:rc6

* cpe:/o:linux:linux_kernel:2.6.18:rc7

* cpe:/o:linux:linux_kernel:2.6.18:rc1

* cpe:/o:linux:linux_kernel:2.6.18:rc2

* cpe:/o:linux:linux_kernel:2.6.25.8

* cpe:/o:linux:linux_kernel:2.6.18:rc3

* cpe:/o:linux:linux_kernel:2.6.18:rc4

* cpe:/o:linux:linux_kernel:2.6.25.1

* cpe:/o:linux:linux_kernel:2.6.25.12

* cpe:/o:linux:linux_kernel:2.6.24.2

* cpe:/o:linux:linux_kernel:2.6.22.22

* cpe:/o:linux:linux_kernel:2.6.22.21

* cpe:/o:linux:linux_kernel:2.6.22.20

* cpe:/o:linux:linux_kernel:2.6.22.19

* cpe:/o:linux:linux_kernel:2.6

* cpe:/o:linux:linux_kernel:2.6.24.3

* cpe:/o:linux:linux_kernel:2.6.24.4

* cpe:/o:linux:linux_kernel:2.6.24.5

* cpe:/o:linux:linux_kernel:2.6.25

* cpe:/o:linux:linux_kernel:2.6.22.2

* cpe:/o:linux:linux_kernel:2.6.22.8

* cpe:/o:linux:linux_kernel:2.6.22.9

* cpe:/o:linux:linux_kernel:2.6.22.14

* cpe:/o:linux:linux_kernel:2.6.22.15

* cpe:/o:linux:linux_kernel:2.6.22.17

* cpe:/o:linux:linux_kernel:2.6.22.18

* cpe:/o:linux:linux_kernel:2.6.22.10

* cpe:/o:linux:linux_kernel:2.6.22.11

* cpe:/o:linux:linux_kernel:2.6.22.12

* cpe:/o:linux:linux_kernel:2.6.22.13

* cpe:/o:linux:linux_kernel:2.6.25.9

* cpe:/o:linux:linux_kernel:2.6.25.9::x86_64

* cpe:/o:linux:linux_kernel:2.6.25::x86_64

* cpe:/o:linux:linux_kernel:2.6.26

* cpe:/o:linux:linux_kernel:2.6.26.1

* cpe:/o:linux:linux_kernel:2.6.26.2

* cpe:/o:linux:linux_kernel:2.6.26.3

* cpe:/o:linux:linux_kernel:2.6.26.4

* cpe:/o:linux:linux_kernel:2.6.26.5

* cpe:/o:linux:linux_kernel:2.6.27

* cpe:/o:linux:linux_kernel:2.6.27.20

* cpe:/o:linux:linux_kernel:2.6.27.21 and previous versions

* cpe:/o:linux:linux_kernel:2.6.27.7

* cpe:/o:linux:linux_kernel:2.6.27.8

* cpe:/o:linux:linux_kernel:2.6.27.5

* cpe:/o:linux:linux_kernel:2.6.27.6

* cpe:/o:linux:linux_kernel:2.6.27.13

* cpe:/o:linux:linux_kernel:2.6.27.14

* cpe:/o:linux:linux_kernel:2.6.27.10

* cpe:/o:linux:linux_kernel:2.6.27.17

* cpe:/o:linux:linux_kernel:2.6.27.9

* cpe:/o:linux:linux_kernel:2.6.27.12

* cpe:/o:linux:linux_kernel:2.6.27.15

* cpe:/o:linux:linux_kernel:2.6.27.11

* cpe:/o:linux:linux_kernel:2.6.27.16

* cpe:/o:linux:linux_kernel:2.6.27.19

* cpe:/o:linux:linux_kernel:2.6.27.18

* cpe:/o:linux:linux_kernel:2.6.27.1

* cpe:/o:linux:linux_kernel:2.6.27.2

* cpe:/o:linux:linux_kernel:2.6.27.3

* cpe:/o:linux:linux_kernel:2.6.27.4

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Permissions, Privileges, and Access Control (CWE-264)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1338