Lucene search

K
cve[email protected]CVE-2007-4305
HistoryAug 13, 2007 - 9:17 p.m.

CVE-2007-4305

2007-08-1321:17:00
NVD-CWE-Other
web.nvd.nist.gov
16
cve-2007-4305
race conditions
sudo
sysjail
systrace
netbsd
openbsd
access control
auditing

7.2 High

AI Score

Confidence

Low

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.

7.2 High

AI Score

Confidence

Low

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

Related for CVE-2007-4305