Systrace Multiple System Call Wrappers Concurrency Vulnerabilities

Bugtraq ID:	25258
Class:	Race Condition Error
CVE:	CVE-2007-4305
Remote:	No
Local:	Yes
Published:	Aug 09 2007 12:00AM
Updated:	May 07 2015 05:36PM
Credit:	Robert N. M. Watson discovered these issues.
Vulnerable:	Todd Miller Sudo cvs Systrace Systrace 0 Sysjail Sysjail 0
Not Vulnerable:

Systrace Multiple System Call Wrappers Concurrency Vulnerabilities

Systrace is prone to multiple concurrency vulnerabilities due to its implementation of system call wrappers. This problem can result in a race condition between a user thread and the kernel.

Attackers can exploit these issues by replacing certain values in system call wrappers with malicious data to elevate privileges or to bypass auditing. Successful attacks can completely compromise affected computers.

Systrace Multiple System Call Wrappers Concurrency Vulnerabilities

The following exploit code is available:

• /data/vulnerabilities/exploits/25258.c

Systrace Multiple System Call Wrappers Concurrency Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Systrace Multiple System Call Wrappers Concurrency Vulnerabilities

References:

• Sudo Home Page (GratiSoft)
  
• Sysjail Homepage (Sysjail)
  
• Systrace Homepage (Systrace)
  
• Exploiting Concurrency Vulnerabilities in System Call Wrappers (Robert N. M. Watson)