GSWTK Multiple System Call Wrappers Concurrency Vulnerabilities
BID:25251
Info
GSWTK Multiple System Call Wrappers Concurrency Vulnerabilities
| Bugtraq ID: | 25251 |
| Class: | Race Condition Error |
| CVE: |
CVE-2007-4302 |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 09 2007 12:00AM |
| Updated: | May 07 2015 05:36PM |
| Credit: | Robert N. M. Watson discovered these issues. |
| Vulnerable: |
Generic Software Wrappers Toolkit Generic Software Wrappers Toolkit 1.6.3 |
| Not Vulnerable: | |
Discussion
GSWTK Multiple System Call Wrappers Concurrency Vulnerabilities
GSWKT (Generic Software Wrappers Toolkit) is prone to multiple concurrency vulnerabilities because of its implementation of system call wrappers. This problem can result in a race condition between a user thread and the kernel.
Attackers can exploit these issues by replacing certain values in system call wrappers with malicious data to elevate privileges or to bypass auditing. Successful attacks can completely compromise affected computers.
GSWKT 1.6.3 is vulnerable; other versions may also be affected.
GSWKT (Generic Software Wrappers Toolkit) is prone to multiple concurrency vulnerabilities because of its implementation of system call wrappers. This problem can result in a race condition between a user thread and the kernel.
Attackers can exploit these issues by replacing certain values in system call wrappers with malicious data to elevate privileges or to bypass auditing. Successful attacks can completely compromise affected computers.
GSWKT 1.6.3 is vulnerable; other versions may also be affected.
Exploit / POC
GSWTK Multiple System Call Wrappers Concurrency Vulnerabilities
The following exploit code is avaialble:
The following exploit code is avaialble:
Solution / Fix
GSWTK Multiple System Call Wrappers Concurrency Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
GSWTK Multiple System Call Wrappers Concurrency Vulnerabilities
References:
References:
- Exploiting Concurrency Vulnerabilities in System Call Wrappers (Robert N. M. Watson)
- Project Page (Generic Software Wrappers Toolkit)