CVE-2007-3848 — Vulnetix

Try Vulnetix Request Demo

CVE-2007-3848 PUBLISHED CVSS 1.899999976158142 LOW

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG).

EPSS 0.08% · 24.1th percentile

Risk Scores

CVSS v2.0

1.899999976158142

EPSS Score

0.08%

24.1th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	0
n/a	n/a	n/a

Timeline

Aug 14, 2007 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

http://secunia.com/advisories/29570 technical
http://secunia.com/advisories/33280 technical
SUSE-SA:2008:017 vendor-advisory
RHSA-2007:0940 vendor-advisory
25387 vdb
27747 third-party-advisory
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3848 url
27212 third-party-advisory
27227 third-party-advisory
26664 third-party-advisory
20070814 COSEINC Linux Advisory #1: Linux Kernel Parent Process DeathSignal Vulnerability mailing-list
26643 third-party-advisory
https://issues.rpath.com/browse/RPL-1648 url
RHSA-2007:1049 vendor-advisory
28806 third-party-advisory
SUSE-SA:2007:053 vendor-advisory
27913 third-party-advisory
27322 third-party-advisory
20070816 Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability mailing-list
26651 third-party-advisory

…and 23 more

Open in Interactive Console →