CerbNG Multiple System Call Wrappers Concurrency Vulnerabilities
BID:25259
Info
CerbNG Multiple System Call Wrappers Concurrency Vulnerabilities
| Bugtraq ID: | 25259 |
| Class: | Race Condition Error |
| CVE: |
CVE-2007-4303 |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 09 2007 12:00AM |
| Updated: | May 07 2015 05:36PM |
| Credit: | Robert N. M. Watson discovered these issues. |
| Vulnerable: |
Cerb CerbNG 0.4 Cerb CerbNG 0.3 Cerb CerbNG 0.2 Cerb CerbNG 0.1 |
| Not Vulnerable: | |
Discussion
CerbNG Multiple System Call Wrappers Concurrency Vulnerabilities
CerbNG is prone to multiple concurrency vulnerabilities due to its implementation of system call wrappers. This problem can result in a race condition between a user thread and the kernel.
Attackers can exploit these issues by replacing certain values in system call wrappers with malicious data to elevate privileges or to bypass auditing. Successful attacks can completely compromise affected computers.
CerbNG is prone to multiple concurrency vulnerabilities due to its implementation of system call wrappers. This problem can result in a race condition between a user thread and the kernel.
Attackers can exploit these issues by replacing certain values in system call wrappers with malicious data to elevate privileges or to bypass auditing. Successful attacks can completely compromise affected computers.
Exploit / POC
CerbNG Multiple System Call Wrappers Concurrency Vulnerabilities
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
CerbNG Multiple System Call Wrappers Concurrency Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
CerbNG Multiple System Call Wrappers Concurrency Vulnerabilities
References:
References:
- Cerb Homepage (Cerb)
- Exploiting Concurrency Vulnerabilities in System Call Wrappers (Robert N. M. Watson)