CVE-2007-3848 — Vulnetix

CVE-2007-3848 PUBLISHED CVSS 1.899999976158142 LOW

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG).

EPSS 0.09% · 24.8th percentile

Risk Scores

CVSS 2.0

1.899999976158142

EPSS Score

0.09%

24.8th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	0
n/a	n/a	n/a

Exploit Intelligence

SUSE-SA:2008:017 (circl)
RHSA-2007:0940 (circl)
25387 (circl)
27747 (circl)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3848 (circl)
27212 (circl)
27227 (circl)
26664 (circl)
20070814 COSEINC Linux Advisory #1: Linux Kernel Parent Process DeathSignal Vulnerability (circl)
26643 (circl)

…and 32 more exploits

Timeline

Aug 14, 2007 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 3, 2023 EPSS Score
May 25, 2023 EPSS Score

References

http://secunia.com/advisories/29570 technical
http://secunia.com/advisories/33280 technical
SUSE-SA:2008:017 vendor-advisory
RHSA-2007:0940 vendor-advisory
25387 vdb
27747 third-party-advisory
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3848 url
27212 third-party-advisory
27227 third-party-advisory
26664 third-party-advisory
20070814 COSEINC Linux Advisory #1: Linux Kernel Parent Process DeathSignal Vulnerability mailing-list
26643 third-party-advisory
https://issues.rpath.com/browse/RPL-1648 url
RHSA-2007:1049 vendor-advisory
28806 third-party-advisory
SUSE-SA:2007:053 vendor-advisory
27913 third-party-advisory
27322 third-party-advisory
20070816 Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability mailing-list
26651 third-party-advisory

…and 23 more

Open in Interactive Console →