Vulnerability Description
The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 2.6.28 |
References
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
- http://osvdb.org/52204
- http://rhn.redhat.com/errata/RHSA-2009-0459.html
- http://scary.beasts.org/security/CESA-2009-002.html
- http://scarybeastsecurity.blogspot.com/2009/02/linux-kernel-minor-signal-vulnera
- http://secunia.com/advisories/33758
- http://secunia.com/advisories/34033
- http://secunia.com/advisories/34680
- http://secunia.com/advisories/34917
- http://secunia.com/advisories/34962
- http://secunia.com/advisories/34981
- http://secunia.com/advisories/35011
- http://secunia.com/advisories/35120
FAQ
What is CVE-2009-0028?
CVE-2009-0028 is a vulnerability with a CVSS score of 2.1 (LOW). The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child proces...
How severe is CVE-2009-0028?
CVE-2009-0028 has been rated LOW, with a CVSS base score of 2.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-0028?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Kernel (vendor: Linux).