PT-2009-4024 · Linux · Linux Kernel
Eugene Teo · Published 2009-05-05 · Updated 2020-08-21 · CVE-2009-1527
CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 2.6.30-rc4
Description:
A race condition exists in the ptrace_attach function, allowing local users to gain privileges. This issue is related to locking an incorrect cred_exec_mutex object and can be exploited via a PTRACE_ATTACH ptrace call during an exec system call that is launching a setuid application.
Recommendations:
For Linux kernel versions prior to 2.6.30-rc4, update to version 2.6.30-rc4 or later to resolve the issue.
Exploit
Fix
Race Condition
Affected Products
Linux Kernel