Vulnerability in Linux Linux_kernel
CVE-2011-1182
kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call.
EPSS: 0.001 (23.7th percentile)
Affected products
- Linux Linux_kernel
- Redhat Enterprise_linux — versions 5.0
- Redhat Enterprise_linux_aus — versions 5.6
- Redhat Enterprise_linux_desktop — versions 5.0
- Redhat Enterprise_linux_eus — versions 5.6
- Redhat Enterprise_linux_server — versions 5.0
- Redhat Enterprise_linux_workstation — versions 5.0
References
- [oss-security] 20110323 Re: Linux kernel signal spoofing vulnerability (CVE request) (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
- RHSA-2011:0927 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)