CVE-2007-4305

Sažetak

Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.

Reference

http://secunia.com/advisories/26479
http://www.securityfocus.com/bid/25258
http://www.watson.org/~robert/2007woot/

CVSS

Base:	6.2
Impact:	10.0
Exploitability:	1.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:H/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

05-09-2008 - 21:27

Objavljeno

13-08-2007 - 21:17