CVE-2009-0028
published 2009-02-27
CVE-2009-0028: The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child…
Priority P4 · 16 · low · 2.1 · CVSS 2.0
AV:L/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 0.70% (48.4th percentile)
The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.
Affected
284 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | <= 2.6.28 | — |
| linux | linux_kernel | — | — |
CVSS provenance
nvd · v2.0 · 2.1 LOW · AV:L/AC:L/Au:N/C:N/I:N/A:P
vendor_ubuntu · 4.0 MEDIUM
vendor_redhat · 2.1 LOW
GHSA
GHSA-rvqj-x8r2-p6fr: The clone system call in the Linux kernel 2
ghsa_unreviewed·2022-05-02
CVE-2009-0028 [LOW] GHSA-rvqj-x8r2-p6fr: The clone system call in the Linux kernel 2
The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.
VMware
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
vendor_vmware·2009-11-20·CVSS 5.0
CVE-2007-2052 [MEDIUM] VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
VMSA-2009-0016: VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
a. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2009-04-07·CVSS 4.0
CVE-2009-0029 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Linux kernel vulnerabilities
NFS did not correctly handle races between fcntl and interrupts. A local
attacker on an NFS mount could consume unlimited kernel memory, leading to
a denial of service. (CVE-2008-4307)
Sparc syscalls did not correctly check mmap regions. A local attacker could
cause a system panic, leading to a denial of service. (CVE-2008-6107)
In certain situations, cloned processes were able to send signals to parent
processes, crossing privilege boundaries. A local attacker could send
arbitrary signals to parent processes, leading to a denial of service.
(CVE-2009-0028)
The 64-bit syscall interfaces did not correctly handle sign extension. A
local attacker could make malicious syscalls, possibly gaining root
privileges. The
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2009-04-06·CVSS 4.0
CVE-2008-4307 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Linux kernel vulnerabilities
NFS did not correctly handle races between fcntl and interrupts. A local
attacker on an NFS mount could consume unlimited kernel memory, leading to
a denial of service. Ubuntu 8.10 was not affected. (CVE-2008-4307)
Sparc syscalls did not correctly check mmap regions. A local attacker
could cause a system panic, leading to a denial of service. Ubuntu 8.10
was not affected. (CVE-2008-6107)
In certain situations, cloned processes were able to send signals to parent
processes, crossing privilege boundaries. A local attacker could send
arbitrary signals to parent processes, leading to a denial of service.
(CVE-2009-0028)
The kernel keyring did not free memory correctly. A local attacker could
consume unlimited kernel
Red Hat
Linux kernel minor signal handling vulnerability
vendor_redhat·2009-02-25·CVSS 2.1
CVE-2009-0028 [LOW] Linux kernel minor signal handling vulnerability
Linux kernel minor signal handling vulnerability
The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.
No detection rules found.
Bugzilla
Moodle: Multiple security fixes in 1.9.7 and 1.8.11 upstream releases
bugzilla·2009-12-06·CVSS 6.8
CVE-2009-4297 [MEDIUM] Moodle: Multiple security fixes in 1.9.7 and 1.8.11 upstream releases
Moodle: Multiple security fixes in 1.9.7 and 1.8.11 upstream releases
Moodle upstream has released latest stable versions (1.9.7 and 1.8.11),
fixing multiple security issues.
The list for 1.9.7 release:
Security issues
* MSA-09-0022 - CVE-2009-4297 Multiple CSRF problems fixed
* MSA-09-0023 - CVE-2009-4298 Fixed user account disclosure in LAMS module
* MSA-09-0024 - CVE-2009-4299 Fixed insufficient access control in Glossary module
* MSA-09-0025 - CVE-2009-4300 Unneeded MD5 hashes removed from user table
* MSA-09-0026 - CVE-2009-4301 Fixed invalid application access control in MNET interface
* MSA-09-0027 - CVE-2009-4302 Ensured login information is always sent secured when using SSL for logins
* MSA-09-0028 - CVE-2009-4303 Passwords and secrets are no longer ever saved in backups, new
Bugzilla
CVE-2009-0028 Linux kernel minor signal handling vulnerability
bugzilla·2009-01-14·CVSS 2.1
CVE-2009-0028 [LOW] CVE-2009-0028 Linux kernel minor signal handling vulnerability
CVE-2009-0028 Linux kernel minor signal handling vulnerability
From Chris Evans:
It's a relatively minor signal issue where a child can send its parent process an arbitrary signal, even if the parent has a totally separate real and effective user id. This could be a nuisance in the case where long-running root daemons spawn direct child processes owned by untrusted users [*]. There may even be worse consequences if privileged processes have weak signal handling code for signals not normally triggerable by untrusted users.
Discussion:
man clone:
The low byte of flags contains the number of the termination signal sent to the parent when the child dies. If this signal is specified as anything other than SIGCHLD, then the parent process must specify the __WALL or __WCLONE options when wait
References
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
http://osvdb.org/52204
http://rhn.redhat.com/errata/RHSA-2009-0459.html
http://scary.beasts.org/security/CESA-2009-002.html
http://scarybeastsecurity.blogspot.com/2009/02/linux-kernel-minor-signal-vulnerability.html
http://secunia.com/advisories/33758
http://secunia.com/advisories/34033
http://secunia.com/advisories/34680
http://secunia.com/advisories/34917
http://secunia.com/advisories/34962
http://secunia.com/advisories/34981
http://secunia.com/advisories/35011
http://secunia.com/advisories/35120
http://secunia.com/advisories/35121
http://secunia.com/advisories/35390
http://secunia.com/advisories/35394
http://secunia.com/advisories/37471
http://wiki.rpath.com/Advisories:rPSA-2009-0084
http://www.debian.org/security/2009/dsa-1787
http://www.debian.org/security/2009/dsa-1794
http://www.debian.org/security/2009/dsa-1800
http://www.mandriva.com/security/advisories?name=MDVSA-2009:118
http://www.redhat.com/support/errata/RHSA-2009-0326.html
http://www.redhat.com/support/errata/RHSA-2009-0451.html
http://www.securityfocus.com/archive/1/503610/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/33906
http://www.ubuntu.com/usn/usn-751-1
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/3316
https://bugzilla.redhat.com/show_bug.cgi?id=479932
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11187
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7947