// For flags

CVE-2007-3848

Privilege escalation via PR_SET_PDEATHSIG

Severity Score

1.9
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG).

El núcleo Linux 2.4.35 y otras versiones permite a usuarios locales enviar señales de su elección a un proceso hijo que está ejecutándose con privilegios mayores provocando que un proceso padre con setuid-root muera, lo cual envía desde un proceso padre controlado por el atacante una señal de muerte (PR_SET_PDEATHSIG).

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-07-18 CVE Reserved
  • 2007-08-14 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-10-09 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (44)
URL Tag Source
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3848 X_refsource_misc
http://marc.info/?l=bugtraq&m=118711306802632&w=2 Mailing List
http://marc.info/?l=openwall-announce&m=118710356812637&w=2 Mailing List
http://secunia.com/advisories/26450 Third Party Advisory
http://secunia.com/advisories/26500 Third Party Advisory
http://secunia.com/advisories/26643 Third Party Advisory
http://secunia.com/advisories/26651 Third Party Advisory
http://secunia.com/advisories/26664 Third Party Advisory
http://secunia.com/advisories/27212 Third Party Advisory
http://secunia.com/advisories/27227 Third Party Advisory
http://secunia.com/advisories/27322 Third Party Advisory
http://secunia.com/advisories/27436 Third Party Advisory
http://secunia.com/advisories/27747 Third Party Advisory
http://secunia.com/advisories/27913 Third Party Advisory
http://secunia.com/advisories/28806 Third Party Advisory
http://secunia.com/advisories/29058 Third Party Advisory
http://secunia.com/advisories/29570 Third Party Advisory
http://secunia.com/advisories/33280 Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm X_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.4 X_refsource_confirm
http://www.securityfocus.com/archive/1/476464/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/476538/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/476677/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/476803/100/0/threaded Mailing List
http://www.securityfocus.com/bid/25387 Vdb Entry
https://issues.rpath.com/browse/RPL-1648 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10120 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html 2018-10-15
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html 2018-10-15
http://www.debian.org/security/2007/dsa-1356 2018-10-15
http://www.debian.org/security/2008/dsa-1503 2018-10-15
http://www.debian.org/security/2008/dsa-1504 2018-10-15
http://www.mandriva.com/security/advisories?name=MDKSA-2007:195 2018-10-15
http://www.mandriva.com/security/advisories?name=MDKSA-2007:196 2018-10-15
http://www.novell.com/linux/security/advisories/2007_53_kernel.html 2018-10-15
http://www.redhat.com/support/errata/RHSA-2007-0939.html 2018-10-15
http://www.redhat.com/support/errata/RHSA-2007-0940.html 2018-10-15
http://www.redhat.com/support/errata/RHSA-2007-1049.html 2018-10-15
http://www.redhat.com/support/errata/RHSA-2008-0787.html 2018-10-15
http://www.ubuntu.com/usn/usn-508-1 2018-10-15
http://www.ubuntu.com/usn/usn-509-1 2018-10-15
http://www.ubuntu.com/usn/usn-510-1 2018-10-15
https://access.redhat.com/security/cve/CVE-2007-3848 2009-01-08
https://bugzilla.redhat.com/show_bug.cgi?id=250972 2009-01-08
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 <= 2.4.35
Search vendor "Linux" for product "Linux Kernel" and version " <= 2.4.35"
-
Affected