Freely subscribe to our NEWSLETTER

SYNTHESIS OF THE VULNERABILITY

A process can use clone() to kill its parent process, even if it
does not have sufficient privileges.

Gravity: 1/4

Consequences: denial of service of service

Provenance: user shell

Means of attack: 1 proof of concept

Ability of attacker: specialist (3/4)

Confidence: unique source (2/5)

Diffusion of the vulnerable configuration: medium (2/3)

Creation date: 25/02/2009

IMPACTED PRODUCTS

– Linux kernel

DESCRIPTION OF THE VULNERABILITY

The clone() system call creates a new process. The CLONE_PARENT
flag indicates that the parent of this process is the same as the
parent of the current process (there are "brothers"). The third
parameter of clone() can also indicate the signal to send to the
father when the child ends (SIGCHLD by default).

However, the kernel does not forbid the new process to send a
SIGKILL signal to the parent process, even it is privileged. The
current process thus asks to his "brother" to kill their parent
process.

For example, if attacker’s code runs in a child process created by
a daemon, he can kill the daemon.

CHARACTERISTICS

Identifiers: BID-33906, CESA-2009-002, VIGILANCE-VUL-8493

http://vigilance.fr/vulnerability/Linux-kernel-sending-a-signal-to-parent-via-clone-8493