267240 – (CVE-2009-1338) Kernel: <2.6.28 kernel/signal.c kill_something_info() DOS (CVE-2009-1338)

Bug 267240 (CVE-2009-1338) - Kernel: <2.6.28 kernel/signal.c kill_something_info() DOS (CVE-2009-1338)

Summary: Kernel: <2.6.28 kernel/signal.c kill_something_info() DOS (CVE-2009-1338)

Status:	RESOLVED FIXED

Alias:	CVE-2009-1338

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://git.kernel.org/?p=linux/kernel...
Whiteboard:	[linux > 2.6 < 2.6.28]
Keywords:

Depends on:
Blocks:

Reported:	2009-04-23 16:34 UTC by Stefan Behte (RETIRED)
Modified:	2013-09-05 03:05 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2009-04-23 16:34:43 UTC

CVE-2009-1338 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1338):
  The kill_something_info function in kernel/signal.c in the Linux
  kernel before 2.6.28 does not consider PID namespaces when processing
  signals directed to PID -1, which allows local users to bypass the
  intended namespace isolation, and send arbitrary signals to all
  processes in all namespaces, via a kill command.