Vulnerability Name:

CVE-2007-4305 (CCN-36058)

Assigned: 2007-08-06
Published: 2007-08-06
Updated: 2008-09-05
Summary: Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.
CVSS v3 Severity: 4.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 6.2 Medium (CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
5.0 Medium (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
3.7 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:

Source: MITRE
Type: CNA
CVE-2007-4305

Source: CCN
Type: SA26479
OpenBSD Systrace and Sysjail Multiple Race Condition Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
26479

Source: CCN
Type: Sysjail Web site
sysjail

Source: CCN
Type: Systrace Web site
Systrace - Interactive Policy Generation for System Calls

Source: CCN
Type: Sudo Web site
Sudo Main Page

Source: CCN
Type: OSVDB ID: 39588
Multiple BSD Sudo Monitor Mode Race Condition Access Control Policy Bypass

Source: CCN
Type: OSVDB ID: 39589
Multiple BSD Systrace Sysjail Policies Race Condition Access Control Policy Bypass

Source: BID
Type: Exploit
25258

Source: CCN
Type: BID-25258
Systrace Multiple System Call Wrappers Concurrency Vulnerabilities

Source: MISC
Type: UNKNOWN
http://www.watson.org/~robert/2007woot/

Source: CCN
Type: First USENIX Workshop on Offensive Technologies (WOOT '07) Whitepaper
Exploiting Concurrency Vulnerabilities in System Call Wrappers

Source: XF
Type: UNKNOWN
systrace-sudo-sysjail-security-bypass(36058)

Vulnerable Configuration: Configuration 1:
  • cpe:/o:netbsd:netbsd:*:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:*:*:*:*:*:*:*:*
  • AND
  • cpe:/a:sysjail:sysjail:*:*:*:*:*:*:*:*
  • OR cpe:/a:systrace:systrace:*:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.3p2:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.3p3:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.3p4:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.3p5:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.3p6:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.3p7:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.4p1:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.5p1:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.5p2:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.8_p2:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*
  • OR cpe:/a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:niels:provos_systrace:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:sysjail:sysjail:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:netbsd:netbsd:*:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    netbsd netbsd *
    openbsd openbsd *
    sysjail sysjail *
    systrace systrace *
    todd_miller sudo 1.5.6
    todd_miller sudo 1.5.7
    todd_miller sudo 1.5.8
    todd_miller sudo 1.5.9
    todd_miller sudo 1.6
    todd_miller sudo 1.6.1
    todd_miller sudo 1.6.2
    todd_miller sudo 1.6.3
    todd_miller sudo 1.6.3_p1
    todd_miller sudo 1.6.3_p2
    todd_miller sudo 1.6.3_p3
    todd_miller sudo 1.6.3_p4
    todd_miller sudo 1.6.3_p5
    todd_miller sudo 1.6.3_p6
    todd_miller sudo 1.6.3_p7
    todd_miller sudo 1.6.3p1
    todd_miller sudo 1.6.3p2
    todd_miller sudo 1.6.3p3
    todd_miller sudo 1.6.3p4
    todd_miller sudo 1.6.3p5
    todd_miller sudo 1.6.3p6
    todd_miller sudo 1.6.3p7
    todd_miller sudo 1.6.4
    todd_miller sudo 1.6.4_p1
    todd_miller sudo 1.6.4_p2
    todd_miller sudo 1.6.4p1
    todd_miller sudo 1.6.4p2
    todd_miller sudo 1.6.5
    todd_miller sudo 1.6.5_p1
    todd_miller sudo 1.6.5_p2
    todd_miller sudo 1.6.5p1
    todd_miller sudo 1.6.5p2
    todd_miller sudo 1.6.6
    todd_miller sudo 1.6.7
    todd_miller sudo 1.6.7_p5
    todd_miller sudo 1.6.8
    todd_miller sudo 1.6.8_p1
    todd_miller sudo 1.6.8_p2
    todd_miller sudo 1.6.8_p5
    todd_miller sudo 1.6.8_p7
    todd_miller sudo 1.6.8_p8
    todd_miller sudo 1.6.8_p9
    todd_miller sudo 1.6.8_p12
    niels provos systrace 1.1
    sysjail sysjail *
    netbsd netbsd *
    openbsd openbsd *