CVE-2007-4305
Summary
| CVE | CVE-2007-4305 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-08-13 21:17:00 UTC |
| Updated | 2008-09-05 21:27:00 UTC |
| Description | Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Netbsd | Netbsd | All | All | All | All |
| Operating System | Netbsd | Netbsd | All | All | All | All |
| Operating System | Openbsd | Openbsd | All | All | All | All |
| Operating System | Openbsd | Openbsd | All | All | All | All |
| Application | Sysjail | Sysjail | All | All | All | All |
| Application | Sysjail | Sysjail | All | All | All | All |
| Application | Systrace | Systrace | All | All | All | All |
| Application | Systrace | Systrace | All | All | All | All |
| Application | Todd Miller | Sudo | 1.5.6 | All | All | All |
| Application | Todd Miller | Sudo | 1.5.7 | All | All | All |
| Application | Todd Miller | Sudo | 1.5.8 | All | All | All |
| Application | Todd Miller | Sudo | 1.5.9 | All | All | All |
| Application | Todd Miller | Sudo | 1.6 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.1 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.2 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3p3 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3p4 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3p5 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3p6 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3p7 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3_p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3_p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3_p3 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3_p4 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3_p5 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3_p6 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3_p7 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.4 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.4p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.4p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.4_p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.4_p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.5 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.5p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.5p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.5_p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.5_p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.6 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.7 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.7_p5 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.8 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.8_p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.8_p12 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.8_p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.8_p5 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.8_p7 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.8_p8 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.8_p9 | All | All | All |
| Application | Todd Miller | Sudo | 1.5.6 | All | All | All |
| Application | Todd Miller | Sudo | 1.5.7 | All | All | All |
| Application | Todd Miller | Sudo | 1.5.8 | All | All | All |
| Application | Todd Miller | Sudo | 1.5.9 | All | All | All |
| Application | Todd Miller | Sudo | 1.6 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.1 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.2 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3p3 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3p4 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3p5 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3p6 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3p7 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3_p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3_p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3_p3 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3_p4 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3_p5 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3_p6 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3_p7 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.4 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.4p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.4p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.4_p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.4_p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.5 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.5p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.5p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.5_p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.5_p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.6 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.7 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.7_p5 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.8 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.8_p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.8_p12 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.8_p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.8_p5 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.8_p7 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.8_p8 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.8_p9 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| OpenBSD Systrace and Sysjail Multiple Race Condition Vulnerabilities - Advisories - Secunia | SECUNIA | secunia.com | |
| Exploiting Concurrency Vulnerabilities in System Call Wrappers | MISC | www.watson.org | |
| Systrace Multiple System Call Wrappers Concurrency Vulnerabilities | BID | www.securityfocus.com | Exploit |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.