
CVE-2008-1294

Published: 2 May 2008

Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits.

Priority

Low

Status

Package Release Status

linux
Launchpad, Ubuntu, Debian
dapper Does not exist
feisty Does not exist
gutsy Does not exist
hardy Not vulnerable
upstream Needs triage

linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper Released (2.6.15-52.67)
feisty Does not exist
gutsy Does not exist
hardy Does not exist
upstream Needs triage

linux-source-2.6.20
Launchpad, Ubuntu, Debian
dapper Does not exist
feisty Released (2.6.20-17.36)
gutsy Does not exist
hardy Does not exist
upstream Needs triage

linux-source-2.6.22
Launchpad, Ubuntu, Debian
dapper Does not exist
feisty Does not exist
gutsy Not vulnerable
hardy Does not exist
upstream Needs triage

Notes

Author Note
kees
linux-2.6: 9926e4c74300c4b31dee007298c6475d33369df0
for pre-2.6.17 kernels, the two prior RLIMIT_CPU fixes are needed:
ec9e16bacdba1da1ee15dd162384e22df5c87e09
e0661111e5441995f7a69dc4336c9f131cb9bc58
