6.2

CVE-2007-4305

Exploit

Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.

Data is provided by the National Vulnerability Database (NVD)
Sysjail Sysjail
   Netbsd Netbsd
   Openbsd Openbsd
Systrace Systrace
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.5.6
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.5.7
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.5.8
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.5.9
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.1
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.2
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3_p1
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3_p2
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3_p3
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3_p4
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3_p5
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3_p6
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3_p7
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3p1
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3p2
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3p3
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3p4
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3p5
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3p6
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3p7
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.4
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.4_p1
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.4_p2
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.4p1
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.4p2
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.5
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.5_p1
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.5_p2
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.5p1
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.5p2
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.6
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.7
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.7_p5
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.8
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.8_p1
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.8_p2
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.8_p5
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.8_p7
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.8_p8
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.8_p9
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.8_p12
   Netbsd Netbsd
   Openbsd Openbsd
No CISA KEV or CERT.AT warning was found for this CVE.

EPSS Metrics
Type    Source       Score    Percentile
EPSS    FIRST.org    0.12%    0.275

CVSS Metrics
Source          Base Score    Exploit Score    Impact Score    Vector string
nvd@nist.gov    6.2           1.9              10              AV:L/AC:H/Au:N/C:C/I:C/A:C