Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.2
CVE Id: CVE-2007-4305
Last Modified: 05 Sep 2008 05:27:54
Published: 13 Aug 2007 05:17:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE

CVE-2007-4305

Summary

Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.

Vulnerable Systems

Application

  • Sysjail

  • Systrace

  • Todd Miller Sudo 1.5.6

  • Todd Miller Sudo 1.5.7

  • Todd Miller Sudo 1.5.8

  • Todd Miller Sudo 1.5.9

  • Todd Miller Sudo 1.6

  • Todd Miller Sudo 1.6.1

  • Todd Miller Sudo 1.6.2

  • Todd Miller Sudo 1.6.3

  • Todd Miller Sudo 1.6.3 P1

  • Todd Miller Sudo 1.6.3 P2

  • Todd Miller Sudo 1.6.3 P3

  • Todd Miller Sudo 1.6.3 P4

  • Todd Miller Sudo 1.6.3 P5

  • Todd Miller Sudo 1.6.3 P6

  • Todd Miller Sudo 1.6.3 P7

  • Todd Miller Sudo 1.6.3p1

  • Todd Miller Sudo 1.6.3p2

  • Todd Miller Sudo 1.6.3p3

  • Todd Miller Sudo 1.6.3p4

  • Todd Miller Sudo 1.6.3p5

  • Todd Miller Sudo 1.6.3p6

  • Todd Miller Sudo 1.6.3p7

  • Todd Miller Sudo 1.6.4

  • Todd Miller Sudo 1.6.4 P1

  • Todd Miller Sudo 1.6.4 P2

  • Todd Miller Sudo 1.6.4p1

  • Todd Miller Sudo 1.6.4p2

  • Todd Miller Sudo 1.6.5

  • Todd Miller Sudo 1.6.5 P1

  • Todd Miller Sudo 1.6.5 P2

  • Todd Miller Sudo 1.6.5p1

  • Todd Miller Sudo 1.6.5p2

  • Todd Miller Sudo 1.6.6

  • Todd Miller Sudo 1.6.7

  • Todd Miller Sudo 1.6.7 P5

  • Todd Miller Sudo 1.6.8

  • Todd Miller Sudo 1.6.8 P1

  • Todd Miller Sudo 1.6.8 P12

  • Todd Miller Sudo 1.6.8 P2

  • Todd Miller Sudo 1.6.8 P5

  • Todd Miller Sudo 1.6.8 P7

  • Todd Miller Sudo 1.6.8 P8

  • Todd Miller Sudo 1.6.8 P9


References

MISC - http://www.watson.org/~robert/2007woot/

BID - 25258

SECUNIA - 26479


Last Updated: 27 May 2016 10:45:50