CVE-2007-3848

LOW
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG).

References

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3848

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html

http://marc.info/?l=bugtraq&m=118711306802632&w=2

http://marc.info/?l=openwall-announce&m=118710356812637&w=2

http://secunia.com/advisories/26450

http://secunia.com/advisories/26500

http://secunia.com/advisories/26643

http://secunia.com/advisories/26651

http://secunia.com/advisories/26664

http://secunia.com/advisories/27212

http://secunia.com/advisories/27227

http://secunia.com/advisories/27322

http://secunia.com/advisories/27436

http://secunia.com/advisories/27747

http://secunia.com/advisories/27913

http://secunia.com/advisories/28806

http://secunia.com/advisories/29058

http://secunia.com/advisories/29570

http://secunia.com/advisories/33280

http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm

http://www.debian.org/security/2007/dsa-1356

http://www.debian.org/security/2008/dsa-1503

http://www.debian.org/security/2008/dsa-1504

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.4

http://www.mandriva.com/security/advisories?name=MDKSA-2007:195

http://www.mandriva.com/security/advisories?name=MDKSA-2007:196

http://www.novell.com/linux/security/advisories/2007_53_kernel.html

http://www.redhat.com/support/errata/RHSA-2007-0939.html

http://www.redhat.com/support/errata/RHSA-2007-0940.html

http://www.redhat.com/support/errata/RHSA-2007-1049.html

http://www.redhat.com/support/errata/RHSA-2008-0787.html

http://www.securityfocus.com/archive/1/476464/100/0/threaded

http://www.securityfocus.com/archive/1/476538/100/0/threaded

http://www.securityfocus.com/archive/1/476677/100/0/threaded

http://www.securityfocus.com/archive/1/476803/100/0/threaded

http://www.securityfocus.com/bid/25387

http://www.ubuntu.com/usn/usn-508-1

http://www.ubuntu.com/usn/usn-509-1

http://www.ubuntu.com/usn/usn-510-1

https://issues.rpath.com/browse/RPL-1648

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10120

Details

Source: MITRE

Published: 2007-08-14

Updated: 2018-10-15

Risk Information

CVSS v2

Base Score: 1.9

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.4

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 2.4.35 (inclusive)

Tenable Plugins

View all (27 total)

IDNameProductFamilySeverity
67609Oracle Linux 3 : kernel (ELSA-2007-1049)NessusOracle Linux Local Security Checks
medium
67581Oracle Linux 5 : kernel (ELSA-2007-0940)NessusOracle Linux Local Security Checks
medium
67580Oracle Linux 4 : kernel (ELSA-2007-0939)NessusOracle Linux Local Security Checks
medium
60321Scientific Linux Security Update : kernel on SL3.x i386/x86_64NessusScientific Linux Local Security Checks
medium
60280Scientific Linux Security Update : kernel on SL4.x i386/x86_64NessusScientific Linux Local Security Checks
medium
60272Scientific Linux Security Update : kernel on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
medium
59123SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4186)NessusSuSE Local Security Checks
high
43654CentOS 5 : kernel (CESA-2007:0940)NessusCentOS Local Security Checks
medium
37953CentOS 4 : kernel (CESA-2007:0939)NessusCentOS Local Security Checks
medium
35323RHEL 2.1 : kernel (RHSA-2009:0001)NessusRed Hat Local Security Checks
high
31148Debian DSA-1504-1 : kernel-source-2.6.8 - several vulnerabilitiesNessusDebian Local Security Checks
high
31147Debian DSA-1503-1 : kernel-source-2.4.27 - several vulnerabilitiesNessusDebian Local Security Checks
high
30142openSUSE 10 Security Update : kernel (kernel-4929)NessusSuSE Local Security Checks
high
29487SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4185)NessusSuSE Local Security Checks
high
29203RHEL 3 : kernel (RHSA-2007:1049)NessusRed Hat Local Security Checks
medium
29190CentOS 3 : kernel (CESA-2007:1049)NessusCentOS Local Security Checks
medium
28114Ubuntu 7.04 : linux-source-2.6.20 vulnerabilities (USN-510-1)NessusUbuntu Local Security Checks
high
28113Ubuntu 6.10 : linux-source-2.6.17 vulnerabilities (USN-509-1)NessusUbuntu Local Security Checks
medium
28112Ubuntu 6.06 LTS : linux-source-2.6.15 vulnerabilities (USN-508-1)NessusUbuntu Local Security Checks
high
27734Fedora 7 : kernel-2.6.22.4-65.fc7 (2007-1785)NessusFedora Local Security Checks
low
27616RHEL 4 : kernel (RHSA-2007:0939)NessusRed Hat Local Security Checks
medium
27565RHEL 5 : kernel (RHSA-2007:0940)NessusRed Hat Local Security Checks
medium
27561Mandrake Linux Security Advisory : kernel (MDKSA-2007:195)NessusMandriva Local Security Checks
high
25909Debian DSA-1356-1 : linux-2.6 - several vulnerabilitiesNessusDebian Local Security Checks
high
801441CentOS RHSA-2007-1049 Security CheckLog Correlation EngineGeneric
high
801440CentOS RHSA-2007-0940 Security CheckLog Correlation EngineGeneric
high
801439CentOS RHSA-2007-0939 Security CheckLog Correlation EngineGeneric
high