Vulnerability Description
Linux kernel 2.4.35 and other versions allow local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG).
CVSS Score
1.9 (LOW)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 2.4.35 |
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3848
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html
- http://marc.info/?l=bugtraq&m=118711306802632&w=2
- http://marc.info/?l=openwall-announce&m=118710356812637&w=2
- http://secunia.com/advisories/26450
- http://secunia.com/advisories/26500
- http://secunia.com/advisories/26643
- http://secunia.com/advisories/26651
- http://secunia.com/advisories/26664
- http://secunia.com/advisories/27212
- http://secunia.com/advisories/27227
- http://secunia.com/advisories/27322
- http://secunia.com/advisories/27436
- http://secunia.com/advisories/27747
FAQ
What is CVE-2007-3848?
CVE-2007-3848 is a vulnerability with a CVSS score of 1.9 (LOW). Linux kernel 2.4.35 and other versions allow local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delive...
How severe is CVE-2007-3848?
CVE-2007-3848 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-3848?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Kernel (vendor: Linux).