6.2

CVE-2007-4305

Exploit

Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.

Data provided by the National Vulnerability Database (NVD)
Sysjail Sysjail
   Netbsd Netbsd
   Openbsd Openbsd
Systrace Systrace
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.5.6
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.5.7
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.5.8
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.5.9
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.1
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.2
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3_p1
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3_p2
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3_p3
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3_p4
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3_p5
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3_p6
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3_p7
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3p1
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3p2
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3p3
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3p4
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3p5
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3p6
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.3p7
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.4
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.4_p1
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.4_p2
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.4p1
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.4p2
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.5
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.5_p1
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.5_p2
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.5p1
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.5p2
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.6
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.7
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.7_p5
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.8
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.8_p1
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.8_p2
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.8_p5
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.8_p7
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.8_p8
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.8_p9
   Netbsd Netbsd
   Openbsd Openbsd
Todd Miller Sudo Version 1.6.8_p12
   Netbsd Netbsd
   Openbsd Openbsd
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.12% | 0.275
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 6.2 | 1.9 | 10 | AV:L/AC:H/Au:N/C:C/I:C/A:C