Vulnerabilities > CVE-2007-4305 - System Call Wrappers Concurrency vulnerability in Systrace

047910
CVSS 6.2 - MEDIUM
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
high complexity
netbsd
openbsd
sysjail
systrace
todd-miller
exploit available
NVD
Published: 2007-08-13
Updated: 2008-09-05

Summary

Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.

Vulnerable Configurations

Part Description Count
OS
Netbsd
1
OS
Openbsd
1
Application
Sysjail
1
Application
Systrace
1
Application
Todd_Miller
43

Exploit-Db

descriptionSystrace Multiple System Call Wrappers Concurrency Vulnerabilities. CVE-2007-4305. Local exploit for bsd platform
idEDB-ID:30484
last seen2016-02-03
modified2007-08-09
published2007-08-09
reporterRobert N. M. Watson
sourcehttps://www.exploit-db.com/download/30484/
titleSystrace Multiple System Call Wrappers Concurrency Vulnerabilities

References