Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2007-3848

Disclosure Date: August 14, 2007 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG).

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

linux

Products

linux kernel

References

Canonical

CVE-2007-3848 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3848)

BID-25387 (http://www.securityfocus.com/bid/25387)

Advisory

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html

http://www.redhat.com/support/errata/RHSA-2007-0940.html

SECUNIA-27747 (http://secunia.com/advisories/27747)

SECUNIA-27212 (http://secunia.com/advisories/27212)

SECUNIA-27227 (http://secunia.com/advisories/27227)

SECUNIA-26664 (http://secunia.com/advisories/26664)

20070814 COSEINC Linux Advisory #1: Linux Kernel Parent Process DeathSignal Vulnerability (http://marc.info?l=bugtraq&m=118711306802632&w=2)

SECUNIA-26643 (http://secunia.com/advisories/26643)

https://issues.rpath.com/browse/RPL-1648

http://www.redhat.com/support/errata/RHSA-2007-1049.html

SECUNIA-28806 (http://secunia.com/advisories/28806)

http://www.novell.com/linux/security/advisories/2007_53_kernel.html

SECUNIA-27913 (http://secunia.com/advisories/27913)

SECUNIA-27322 (http://secunia.com/advisories/27322)

20070816 Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability (http://www.securityfocus.com/archive/1/476803/100/0/threaded)

SECUNIA-26651 (http://secunia.com/advisories/26651)

http://www.redhat.com/support/errata/RHSA-2007-0939.html

USN-510-1 (http://www.ubuntu.com/usn/usn-510-1)

DSA-1504 (http://www.debian.org/security/2008/dsa-1504)

DSA-1356 (http://www.debian.org/security/2007/dsa-1356)

http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm

USN-509-1 (http://www.ubuntu.com/usn/usn-509-1)

SECUNIA-33280 (http://secunia.com/advisories/33280)

20070814 Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability (http://www.securityfocus.com/archive/1/476538/100/0/threaded)

20070814 COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability (http://www.securityfocus.com/archive/1/476464/100/0/threaded)

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.4

http://www.mandriva.com/security/advisories?name=MDKSA-2007:196

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html

DSA-1503 (http://www.debian.org/security/2008/dsa-1503)

SECUNIA-29058 (http://secunia.com/advisories/29058)

SECUNIA-26500 (http://secunia.com/advisories/26500)

[openwall-announce] 20070814 Linux 2.4.35-ow2 (http://marc.info?l=openwall-announce&m=118710356812637&w=2)

http://www.redhat.com/support/errata/RHSA-2008-0787.html

SECUNIA-26450 (http://secunia.com/advisories/26450)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10120

USN-508-1 (http://www.ubuntu.com/usn/usn-508-1)

20070815 Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability (http://www.securityfocus.com/archive/1/476677/100/0/threaded)

SECUNIA-27436 (http://secunia.com/advisories/27436)

SECUNIA-29570 (http://secunia.com/advisories/29570)

http://www.mandriva.com/security/advisories?name=MDKSA-2007:195

Miscellaneous

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3848

http://marc.info/?l=bugtraq&m=118711306802632&w=2

http://marc.info/?l=openwall-announce&m=118710356812637&w=2

Rapid7

Technical Analysis