CVE-2008-1294 — Vulnetix

Try Vulnetix Request Demo

CVE-2008-1294 PUBLISHED CVSS 2.0999999046325684 LOW

Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits.

EPSS 0.04% · 11.7th percentile

Risk Scores

CVSS v2.0

2.0999999046325684

EPSS Score

0.04%

11.7th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
linux	linux_kernel	2.6.16, 2.6.2, 2.6.2

Timeline

May 2, 2008 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

http://secunia.com/advisories/30769 url
http://secunia.com/advisories/31341 url
http://bugs.gentoo.org/show_bug.cgi?id=215000 url
USN-618-1 vendor-advisory
DSA-1565 vendor-advisory
oval:org.mitre.oval:def:10974 vdb
29004 vdb
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=9926e4c74300c4b31dee007298c6475d33369df0 url
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22 url
RHSA-2008:0612 vendor-advisory
30018 third-party-advisory
linux-kernel-rlimitcpu-security-bypass(42145) vdb
https://nvd.nist.gov/vuln/detail/CVE-2008-1294 advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=9926e4c74300c4b31dee007298c6475d33369df0 url

Open in Interactive Console →