CVE-2008-1294 (retired)

Priority
Description
Linux kernel 2.6.17, and other versions before 2.6.22, does not check when
a user attempts to set RLIMIT_CPU to 0 until after the change is made,
which allows local users to bypass intended resource limits.
Notes
 kees> linux-2.6: 9926e4c74300c4b31dee007298c6475d33369df0
 kees> for pre-2.6.17 kernels, the two prior RLIMIT_CPU fixes are needed:
 kees> ec9e16bacdba1da1ee15dd162384e22df5c87e09
 kees> e0661111e5441995f7a69dc4336c9f131cb9bc58
Assigned-to
kees
Package
Source: linux (LP Ubuntu Debian)
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-03-26 11:43:24 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)