All the vulnerabilites related to systrace - systrace
cve-2007-4305
Vulnerability from cvelistv5
Published
2007-08-13 21:00
Modified
2024-08-07 14:53
Severity ?
EPSS score ?
Summary
Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/26479 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.watson.org/~robert/2007woot/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/25258 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26479"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.watson.org/~robert/2007woot/"
},
{
"name": "25258",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25258"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-22T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26479"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.watson.org/~robert/2007woot/"
},
{
"name": "25258",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25258"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26479"
},
{
"name": "http://www.watson.org/~robert/2007woot/",
"refsource": "MISC",
"url": "http://www.watson.org/~robert/2007woot/"
},
{
"name": "25258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25258"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4305",
"datePublished": "2007-08-13T21:00:00",
"dateReserved": "2007-08-13T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2007-08-13 21:17
Modified
2024-11-21 00:35
Severity ?
Summary
Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B55E4B92-88E0-41F0-AFA7-046A8D34A2CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3CDD3C-DBA6-4BA2-967D-AD746822F3CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sysjail:sysjail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CEAF47B-07F3-41C1-8AB1-E6F730B52235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:systrace:systrace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "946E0FEF-F738-4EDE-9FD6-7F80428F3C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6060C8CB-1592-479E-86AD-AC180F855BD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DAA88C-BADD-405A-9E66-5B0839595A70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "04D5E3B7-5377-4CA8-BA0D-056870CB717E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "22C11931-B594-43EC-9698-7152B1DF8CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "976B5923-1BCC-4DE6-A904-930DD833B937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5452DF1-0270-452D-90EB-45E9A084B94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFD12E6-F92E-4371-ADA7-BCD41E4C9014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "67FDF4FB-06FA-4A10-A3CF-F52169BC8072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B29018-B495-482A-8FF7-66821A178F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*",
"matchCriteriaId": "38718561-70C7-4E0D-9313-87A5E82ED338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*",
"matchCriteriaId": "D057064A-9B34-4224-97BA-4D5840A92BE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3C297DC-69B1-4BE6-A5EF-D320BD0CA968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*",
"matchCriteriaId": "2F4C1FFB-F6AA-4DED-9C54-DCB274F59A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*",
"matchCriteriaId": "338A92AC-92D2-40BF-9FAC-884AF6F74D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DB5610-03CE-425E-8855-70D5787029FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6848519-57E8-4636-BE10-A0AF06787B20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p2:*:*:*:*:*:*:*",
"matchCriteriaId": "A458EA77-772C-4641-A08A-5733FA386974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p3:*:*:*:*:*:*:*",
"matchCriteriaId": "57B7415D-FE7F-4F67-8384-016BD6044015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p4:*:*:*:*:*:*:*",
"matchCriteriaId": "09429504-327B-44B3-A651-E933EADA0300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p5:*:*:*:*:*:*:*",
"matchCriteriaId": "7889BA46-0FAA-4D62-B2BB-B895060F5585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p6:*:*:*:*:*:*:*",
"matchCriteriaId": "84FD9DD4-A6D0-40F4-9A8E-8E0017BE349C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p7:*:*:*:*:*:*:*",
"matchCriteriaId": "B02CEAA5-8409-42AF-A4AE-58D9D16F007F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFC86C-7743-4F27-BC10-170F04C23D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5170421-BA0C-4365-9CD6-BD232EA08680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*",
"matchCriteriaId": "5909AAA4-4AF9-4D23-87C5-5D7787909B02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3E4716-6D11-46DD-9378-3C733BBDCD8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*",
"matchCriteriaId": "55799ECB-CEB1-4839-8053-4C1F071D1526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2170CFD0-2594-45FB-B68F-0A75114F00A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "03C07744-CAE8-44C6-965E-2A09BAE1F36C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*",
"matchCriteriaId": "B17E0E59-C928-49AB-BAA7-4AE638B376D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F99CB6-E185-4CE0-9E43-C5AE9017717B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5p2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2F6F9C6-85B6-450F-9165-B23C2BF83EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "294FC65B-4225-475A-B49A-758823CEDECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6156B085-AA17-458C-AED1-D658275E43B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*",
"matchCriteriaId": "1C898BE7-506D-49DA-8619-F86C7A9FE902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B6419309-385F-4525-AD4B-C73B1A3ED935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "51F7E821-2908-47F1-9665-E9D68ECC242F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p2:*:*:*:*:*:*:*",
"matchCriteriaId": "C90D0AB4-F8A8-4301-99B5-757254FA999A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*",
"matchCriteriaId": "A79C7098-37D0-4E6E-A22C-3C771D81956F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*",
"matchCriteriaId": "BB7D2832-B654-406E-AA34-B3BD1D6F0A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*",
"matchCriteriaId": "D5688D95-89EF-4D2E-9728-2316CAC3CBE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*",
"matchCriteriaId": "B69E49B2-1B3C-4434-ACF1-CF4F519E3C32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*",
"matchCriteriaId": "31B2C299-5D0B-44DA-91FD-4B1146BE9A7B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing."
},
{
"lang": "es",
"value": "M\u00faltiples condiciones de carrera en (1) el modo monitor de Sudo Y (2) pol\u00edticas Sysjail en Systrace de NetBSD y OpenBSD permiten a usuarios locales vencer la interposici\u00f3n en llamadas al sistema, y por tanto evitar la pol\u00edtica de control de acceso y monitorizaci\u00f3n."
}
],
"id": "CVE-2007-4305",
"lastModified": "2024-11-21T00:35:16.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-13T21:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26479"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/25258"
},
{
"source": "cve@mitre.org",
"url": "http://www.watson.org/~robert/2007woot/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/25258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.watson.org/~robert/2007woot/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}