Vulnerability Name:

CVE-2009-0342 (CCN-48209)

Assigned: 2009-01-23
Published: 2009-01-23
Updated: 2018-10-11
Summary: Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.6 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-264
Vulnerability Consequences: Bypass Security
References:
Source: MITRE
Type: CNA
CVE-2009-0342

Source: CCN
Type: CESA-2009-001 - rev 1
Linux syscall interception technologies partial bypass

Source: MISC
Type: Exploit
http://scary.beasts.org/security/CESA-2009-001.html

Source: MISC
Type: UNKNOWN
http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html

Source: CONFIRM
Type: UNKNOWN
http://www.citi.umich.edu/u/provos/systrace/

Source: CCN
Type: OSVDB ID: 52201
Linux Kernel syscall Filtering 32/64-bit Switching Bypass

Source: CCN
Type: OSVDB ID: 52461
Linux Kernel 32bit/64bit audit_syscall_entry Function 32/64 Bit Syscall Cross-handling Audit Configuration Restriction Bypass

Source: CCN
Type: OSVDB ID: 52462
Linux Kernel seccomp Subsystem kernel/seccomp.c __secure_computing Function 32/64 Bit Syscall Cross-handling Access Restriction Bypass

Source: CCN
Type: OSVDB ID: 53534
Systrace on x86_64 Linux Local Syscall Handling Access Restriction Bypass

Source: CCN
Type: Niels Provos Web site
Systrace 1.6f with 64-bit Linux ptrace support

Source: BUGTRAQ
Type: UNKNOWN
20090123 Problems with syscall filtering technologies on Linux

Source: BID
Type: Exploit
33417

Source: CCN
Type: BID-33417
Systrace 64-Bit Aware Linux Kernel Privilege Escalation Vulnerability

Source: XF
Type: UNKNOWN
systrace-64bit-security-bypass(48209)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:provos:systrace:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:provos:systrace:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:provos:systrace:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:provos:systrace:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:provos:systrace:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:provos:systrace:1.6:*:*:*:*:*:*:*
  • OR cpe:/a:provos:systrace:1.6a:*:*:*:*:*:*:*
  • OR cpe:/a:provos:systrace:1.6b:*:*:*:*:*:*:*
  • OR cpe:/a:provos:systrace:1.6c:*:*:*:*:*:*:*
  • OR cpe:/a:provos:systrace:1.6d:*:*:*:*:*:*:*
  • OR cpe:/a:provos:systrace:*:*:*:*:*:*:*:* (Version <= 1.6e)
  • AND
  • cpe:/o:linux:linux_kernel:_nil_:_nil_:x86_64:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:niels:provos_systrace:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:niels:provos_systrace:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:niels:provos_systrace:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:niels:provos_systrace:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:niels:provos_systrace:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:niels_provos:systrace:1.6e:*:*:*:*:*:*:*
  • OR cpe:/a:niels_provos:systrace:1.6:*:*:*:*:*:*:*
  • OR cpe:/a:niels_provos:systrace:1.6a:*:*:*:*:*:*:*
  • OR cpe:/a:niels_provos:systrace:1.6b:*:*:*:*:*:*:*
  • OR cpe:/a:niels_provos:systrace:1.6c:*:*:*:*:*:*:*
  • OR cpe:/a:niels_provos:systrace:1.6d:*:*:*:*:*:*:*
  • AND
  • cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

  • * Denotes that component is vulnerable
    provos systrace 1.1
    provos systrace 1.2
    provos systrace 1.3
    provos systrace 1.4
    provos systrace 1.5
    provos systrace 1.6
    provos systrace 1.6a
    provos systrace 1.6b
    provos systrace 1.6c
    provos systrace 1.6d
    provos systrace *
    linux linux kernel _nil_ _nil_
    niels provos systrace 1.4
    niels provos systrace 1.5
    niels provos systrace 1.3
    niels provos systrace 1.2
    niels provos systrace 1.1
    niels_provos systrace 1.6e
    niels_provos systrace 1.6
    niels_provos systrace 1.6a
    niels_provos systrace 1.6b
    niels_provos systrace 1.6c
    niels_provos systrace 1.6d
    mandriva linux 2009.0
    mandriva linux 2009.0 -