Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4352

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2005-4352
Last Modified 05 Sep 2008 04:56:40
Published 31 Dec 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-4352

Summary

The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap."

Vulnerable Systems

Operating System

  • Linux Kernel 2.6 Test9 Cvs

  • Linux Kernel 2.6.0

  • Linux Kernel 2.6.1

  • Linux Kernel 2.6.10

  • Linux Kernel 2.6.11

  • Linux Kernel 2.6.11.11

  • Linux Kernel 2.6.11.12

  • Linux Kernel 2.6.11.5

  • Linux Kernel 2.6.11.6

  • Linux Kernel 2.6.11.7

  • Linux Kernel 2.6.11.8

  • Linux Kernel 2.6.12

  • Linux Kernel 2.6.12.1

  • Linux Kernel 2.6.12.2

  • Linux Kernel 2.6.12.3

  • Linux Kernel 2.6.12.4

  • Linux Kernel 2.6.12.5

  • Linux Kernel 2.6.12.6

  • Linux Kernel 2.6.13

  • Linux Kernel 2.6.13.1

  • Linux Kernel 2.6.13.2

  • Linux Kernel 2.6.13.3

  • Linux Kernel 2.6.13.4

  • Linux Kernel 2.6.14

  • Linux Kernel 2.6.14.1

  • Linux Kernel 2.6.14.2

  • Linux Kernel 2.6.14.3

  • Linux Kernel 2.6.15

  • Linux Kernel 2.6.2

  • Linux Kernel 2.6.3

  • Linux Kernel 2.6.4

  • Linux Kernel 2.6.5

  • Linux Kernel 2.6.6

  • Linux Kernel 2.6.7

  • Linux Kernel 2.6.8

  • Linux Kernel 2.6.9

  • Netbsd 1.6

  • Netbsd 1.6.1

  • Netbsd 1.6.2

  • Netbsd 2.0

  • Netbsd 2.0.1

  • Netbsd 2.0.2

  • Netbsd 2.0.3

  • Netbsd 2.1

  • Netbsd Current


References

BID - 16170

BUGTRAQ - 20060109 Time modification flaw in BSD securelevels on NetBSD and Linux

MISC - http://www.redteam-pentesting.de/advisories/rt-sa-2005-16.txt

SECTRACK - 1015454

XF - bsd-securelevel-settimeofday-bypass(24036)

BUGTRAQ - 20070615 rPSA-2007-0124-1 kernel xen

SECUNIA - 25691


Last Updated: 27 May 2016 10:41:16