Lucene search

K
cve[email protected]CVE-2005-4779
HistoryDec 31, 2005 - 5:00 a.m.

CVE-2005-4779

2005-12-3105:00:00
NVD-CWE-Other
web.nvd.nist.gov
18
netbsd
vulnerability
verifiedexecioctl
verified_exec.c
ndinit
uio_userspace
uid_sysspace
local users
trojan horse
nvd

7.4 High

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with UIO_USERSPACE rather than UID_SYSSPACE, which removes the functionality of the verified exec kernel subsystem and might allow local users to execute Trojan horse programs.

7.4 High

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%