Vulnerability Name:

CVE-2009-1527 (CCN-50293)

Assigned:2009-04-26
Published:2009-04-26
Updated:2020-08-21
Summary:Race condition in the ptrace_attach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACE_ATTACH ptrace call during an exec system call that is launching a setuid application, related to locking an incorrect cred_exec_mutex object.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.9 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:TF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
6.1 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:TF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-362
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2009-1527

Source: CCN
Type: Linux Kernel GIT Repository
ptrace: ptrace_attach: fix the usage of ->cred_exec_mutex

Source: CONFIRM
Type: Mailing List, Patch, Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cad81bc2529ab8c62b6fdc83a1c0c7f4a87209eb

Source: CCN
Type: SA34977
Linux Kernel "ptrace_attach()" Privilege Escalation Vulnerability

Source: SECUNIA
Type: Broken Link
34977

Source: SECUNIA
Type: Broken Link
35120

Source: CONFIRM
Type: Broken Link
http://wiki.rpath.com/Advisories:rPSA-2009-0084

Source: CONFIRM
Type: Broken Link
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.30-rc4

Source: CCN
Type: oss-security Mailing List, Mon, 04 May 2009 12:31:02 +0800
CVE request: kernel: ptrace_attach: fix the usage of ->cred_exec_mutex

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20090504 CVE request: kernel: ptrace_attach: fix the usage of ->cred_exec_mutex

Source: OSVDB
Type: Broken Link
54188

Source: CCN
Type: OSVDB ID: 54188
Linux Kernel ptrace_attach() Function cred_exec_mutex Handling Local Privilege Escalation

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20090516 rPSA-2009-0084-1 kernel

Source: BID
Type: Third Party Advisory, VDB Entry
34799

Source: CCN
Type: BID-34799
Linux Kernel 'ptrace_attach()' Local Privilege Escalation Vulnerability

Source: VUPEN
Type: Not Applicable
ADV-2009-1236

Source: XF
Type: Third Party Advisory, VDB Entry
linux-kernel-ptraceattach-code-execution(50293)

Source: XF
Type: UNKNOWN
linux-kernel-ptraceattach-code-execution(50293)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 2.6.29)
  • OR cpe:/o:linux:linux_kernel:2.6.30:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.30:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.30:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.30:rc3:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.6.29:-:*:*:*:*:*:*

* Denotes that component is vulnerable
    linux linux kernel *
    linux linux kernel 2.6.30 -
    linux linux kernel 2.6.30 rc1
    linux linux kernel 2.6.30 rc2
    linux linux kernel 2.6.30 rc3
    linux linux kernel 2.6.29