Vulnerabilities > CVE-2007-4303 - System Call Wrappers Concurrency vulnerability in CerbNG

CVSS 6.2 - MEDIUM

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

high complexity

freebsd

cerb

NVD

Published: 2007-08-13

Updated: 2008-09-05

Summary

Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb.

Vulnerable Configurations

Part	Description	Count
OS	Freebsd Freebsd Freebsd 4.8	1
Application	Cerb Cerb Cerbng 0.1 Cerb Cerbng 0.2 Cerb Cerbng 0.3 Cerb Cerbng 0.4	4

References

http://secunia.com/advisories/26474
http://www.securityfocus.com/bid/25259
http://www.watson.org/~robert/2007woot/