CVE-2008-1294
Published: 2 May 2008
Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits.
Notes
Author | Note |
---|---|
kees | linux-2.6: 9926e4c74300c4b31dee007298c6475d33369df0 for pre-2.6.17 kernels, the two prior RLIMIT_CPU fixes are needed: ec9e16bacdba1da1ee15dd162384e22df5c87e09 e0661111e5441995f7a69dc4336c9f131cb9bc58 |
Priority
Status
Package | Release | Status |
---|---|---|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Released
(2.6.15-52.67)
|
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
linux-source-2.6.20 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Does not exist
|
|
feisty |
Released
(2.6.20-17.36)
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
linux-source-2.6.22 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Not vulnerable
|
|
hardy |
Does not exist
|
|
linux Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Not vulnerable
|