Lucene search

[email protected]NVD:CVE-2009-0343

HistoryJan 29, 2009 - 7:30 p.m.

CVE-2009-0343

2009-01-2919:30:00

CWE-264

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

5.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in monitoring 64-bit processes.

Affected configurations

NVD

Node

niels_provossystraceRange≤1.6e

niels_provossystraceMatch1.1

niels_provossystraceMatch1.2

niels_provossystraceMatch1.3

niels_provossystraceMatch1.4

niels_provossystraceMatch1.5

niels_provossystraceMatch1.6

niels_provossystraceMatch1.6a

niels_provossystraceMatch1.6b

niels_provossystraceMatch1.6c

niels_provossystraceMatch1.6d

AND

linuxlinux_kernelMatch_nil__nil_x86_64

References

scary.beasts.org/security/CESA-2009-001.html

scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html

www.citi.umich.edu/u/provos/systrace/

www.securityfocus.com/archive/1/500377/100/0/threaded

www.securityfocus.com/bid/33417

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

5.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for NVD:CVE-2009-0343

prion3 cve3 cvelist3 ubuntucve2 nvd2 f52 nessus2 openvas3