CVE-2008-1294

2008-05-0216:05:00

CWE-399

CWE-20

[email protected]

web.nvd.nist.gov

linux kernel

cve-2008-1294

rlimit_cpu

resource limits

nvd

7.1 High

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq2.6.20.6
linux:linux_kernellinux linux kerneleq2.6.17
linux:linux_kernellinux linux kerneleq2.6.20.9
linux:linux_kernellinux linux kerneleq2.6.18
linux:linux_kernellinux linux kerneleq2.6.16.16
linux:linux_kernellinux linux kerneleq2.6.20
linux:linux_kernellinux linux kerneleq2.6.18.7
linux:linux_kernellinux linux kerneleq2.6.17.12
linux:linux_kernellinux linux kerneleq2.6.16.39
linux:linux_kernellinux linux kerneleq2.6.21

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	2.6.20.6
linux:linux_kernel	linux linux kernel	eq	2.6.17
linux:linux_kernel	linux linux kernel	eq	2.6.20.9
linux:linux_kernel	linux linux kernel	eq	2.6.18
linux:linux_kernel	linux linux kernel	eq	2.6.16.16
linux:linux_kernel	linux linux kernel	eq	2.6.20
linux:linux_kernel	linux linux kernel	eq	2.6.18.7
linux:linux_kernel	linux linux kernel	eq	2.6.17.12
linux:linux_kernel	linux linux kernel	eq	2.6.16.39
linux:linux_kernel	linux linux kernel	eq	2.6.21