CVE-2007-4305 : Detail

CVE-2007-4305

0.04%V3
Local
2007-08-13
19h00 +00:00
2007-08-22
07h00 +00:00
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Exploit information

Exploit Database EDB-ID : 30484

Publication date : 2007-08-08 22h00 +00:00
Author : Robert N. M. Watson
EDB Verified : Yes

source: https://www.securityfocus.com/bid/25258/info Systrace is prone to multiple concurrency vulnerabilities due to its implementation of system call wrappers. This problem can result in a race condition between a user thread and the kernel. Attackers can exploit these issues by replacing certain values in system call wrappers with malicious data to elevate privileges or to bypass auditing. Successful attacks can completely compromise affected computers. struct sockaddr_in *sa, restoresa; /* Set up two addresses with INADDR_ANY. */ sa = fork_malloc(sizeof(*sa)); sa->sin_len = sizeof(*sa); sa->sin_family = AF_INET; sa->sin_addr.s_addr = INADDR_ANY; sa->sin_port = htons(8888); restoresa = *sa; /* Create child to overwrite *sa after 500k cycles. */ pid = fork_and_overwrite_smp_afterwait(sa, &restoresa, sizeof(restoresa), 500000); error = bind(sock, sa, sizeof(*sa));

Products Mentioned

Configuraton 0

Netbsd>>Netbsd >> Version *

Openbsd>>Openbsd >> Version *

Sysjail>>Sysjail >> Version *

    Systrace>>Systrace >> Version *

      Todd_miller>>Sudo >> Version 1.5.6

        Todd_miller>>Sudo >> Version 1.5.7

          Todd_miller>>Sudo >> Version 1.5.8

            Todd_miller>>Sudo >> Version 1.5.9

              Todd_miller>>Sudo >> Version 1.6

              Todd_miller>>Sudo >> Version 1.6.1

              Todd_miller>>Sudo >> Version 1.6.2

              Todd_miller>>Sudo >> Version 1.6.3

              Todd_miller>>Sudo >> Version 1.6.3_p1

                Todd_miller>>Sudo >> Version 1.6.3_p2

                  Todd_miller>>Sudo >> Version 1.6.3_p3

                    Todd_miller>>Sudo >> Version 1.6.3_p4

                      Todd_miller>>Sudo >> Version 1.6.3_p5

                        Todd_miller>>Sudo >> Version 1.6.3_p6

                          Todd_miller>>Sudo >> Version 1.6.3_p7

                          Todd_miller>>Sudo >> Version 1.6.3p1

                            Todd_miller>>Sudo >> Version 1.6.3p2

                              Todd_miller>>Sudo >> Version 1.6.3p3

                                Todd_miller>>Sudo >> Version 1.6.3p4

                                  Todd_miller>>Sudo >> Version 1.6.3p5

                                    Todd_miller>>Sudo >> Version 1.6.3p6

                                      Todd_miller>>Sudo >> Version 1.6.3p7

                                        Todd_miller>>Sudo >> Version 1.6.4

                                        Todd_miller>>Sudo >> Version 1.6.4_p1

                                          Todd_miller>>Sudo >> Version 1.6.4_p2

                                            Todd_miller>>Sudo >> Version 1.6.4p1

                                              Todd_miller>>Sudo >> Version 1.6.4p2

                                              Todd_miller>>Sudo >> Version 1.6.5

                                              Todd_miller>>Sudo >> Version 1.6.5_p1

                                                Todd_miller>>Sudo >> Version 1.6.5_p2

                                                  Todd_miller>>Sudo >> Version 1.6.5p1

                                                    Todd_miller>>Sudo >> Version 1.6.5p2

                                                      Todd_miller>>Sudo >> Version 1.6.6

                                                      Todd_miller>>Sudo >> Version 1.6.7

                                                      Todd_miller>>Sudo >> Version 1.6.7_p5

                                                        Todd_miller>>Sudo >> Version 1.6.8

                                                        Todd_miller>>Sudo >> Version 1.6.8_p1

                                                          Todd_miller>>Sudo >> Version 1.6.8_p2

                                                            Todd_miller>>Sudo >> Version 1.6.8_p5

                                                              Todd_miller>>Sudo >> Version 1.6.8_p7

                                                                Todd_miller>>Sudo >> Version 1.6.8_p8

                                                                  Todd_miller>>Sudo >> Version 1.6.8_p9

                                                                    Todd_miller>>Sudo >> Version 1.6.8_p12

                                                                      References

                                                                      http://secunia.com/advisories/26479
                                                                      Tags : third-party-advisory, x_refsource_SECUNIA
                                                                      http://www.securityfocus.com/bid/25258
                                                                      Tags : vdb-entry, x_refsource_BID