CVE-2007-4305

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-4305
Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.

6.2 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 1.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://secunia.com/advisories/26479
http://www.securityfocus.com/bid/25258 Exploit
http://www.watson.org/~robert/2007woot/
http://secunia.com/advisories/26479
http://www.securityfocus.com/bid/25258 Exploit
http://www.watson.org/~robert/2007woot/
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*
OR cpe:2.3:a:sysjail:sysjail:*:*:*:*:*:*:*:*
cpe:2.3:a:systrace:systrace:*:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3p3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3p4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3p6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3p7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.4p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*
History

21 Nov 2024, 00:35

Type Values Removed Values Added
References () http://secunia.com/advisories/26479 - () http://secunia.com/advisories/26479 -
References () http://www.securityfocus.com/bid/25258 - Exploit () http://www.securityfocus.com/bid/25258 - Exploit
References () http://www.watson.org/~robert/2007woot/ - () http://www.watson.org/~robert/2007woot/ -
Information

Published : 2007-08-13 21:17

Updated : 2024-11-21 00:35

NVD link : CVE-2007-4305

Mitre link : CVE-2007-4305

CVE.ORG link : CVE-2007-4305

JSON object : View

Products Affected

systrace

  • systrace

netbsd

  • netbsd

todd_miller

  • sudo

sysjail

  • sysjail

openbsd

  • openbsd
CWE
NVD-CWE-Other