Launchpad CVE tracker

CVE 2008-1294

Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits.

Related bugs and status

CVE-2008-1294 (Candidate) is related to these bugs:

Bug #107209: setrlimit can unlimit CPU by setting to 0 seconds in some cases

		In	Importance	Status
107209	setrlimit can unlimit CPU by setting to 0 seconds in some cases	linux-source-2.6.20 (Ubuntu)	Low	Fix Released
107209	setrlimit can unlimit CPU by setting to 0 seconds in some cases	Debian	Unknown	Fix Released
107209	setrlimit can unlimit CPU by setting to 0 seconds in some cases	linux-source-2.6.17 (Ubuntu)	Low	Won't Fix
107209	setrlimit can unlimit CPU by setting to 0 seconds in some cases	linux-source-2.6.15 (Ubuntu)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://git.kernel.org/...
CONFIRM: http://bugs.gentoo.org...
BID: 29004
CONFIRM: http://kernel.org/pub/...
SECUNIA: 30769
UBUNTU: USN-618-1
REDHAT: RHSA-2008:0612
SECUNIA: 31341
DEBIAN: DSA-1565
SECUNIA: 30018
XF: linux-kernel-rlimitcpu...
OVAL: oval:org.mitre.oval:de...

Launchpad.net

CVE 2008-1294

Related bugs and status

Related bugs

References