CVE-2008-1294
Publication date 2 May 2008
Last updated 24 July 2024
Ubuntu priority
Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | 8.04 LTS hardy |
Not affected
|
7.10 gutsy | Not in release | |
7.04 feisty | Not in release | |
6.06 LTS dapper | Not in release | |
linux-source-2.6.15 | 8.04 LTS hardy | Not in release |
7.10 gutsy | Not in release | |
7.04 feisty | Not in release | |
6.06 LTS dapper |
Fixed 2.6.15-52.67
|
|
linux-source-2.6.20 | 8.04 LTS hardy | Not in release |
7.10 gutsy | Not in release | |
7.04 feisty |
Fixed 2.6.20-17.36
|
|
6.06 LTS dapper | Not in release | |
linux-source-2.6.22 | 8.04 LTS hardy | Not in release |
7.10 gutsy |
Not affected
|
|
7.04 feisty | Not in release | |
6.06 LTS dapper | Not in release |
Notes
kees
linux-2.6: 9926e4c74300c4b31dee007298c6475d33369df0 for pre-2.6.17 kernels, the two prior RLIMIT_CPU fixes are needed: ec9e16bacdba1da1ee15dd162384e22df5c87e09 e0661111e5441995f7a69dc4336c9f131cb9bc58