CVE-2007-4303
Severity Score
6.2
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb.
Múltiples condiciones de carrera en (1) determinadas reglas y (2) copia de argumentos durante la protección de memoria virtual, en CerbNG para FreeBSD 4.8 permiten a usuarios locales vencer la interposición en llamadas del sistema y posiblemente obtener privilegios o evitar la monitorización, como se ha demostrado modificando líneas de comando en log-exec.cb.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-08-13 CVE Reserved
- 2007-08-13 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/26474 | Third Party Advisory | |
| http://www.securityfocus.com/bid/25259 | Vdb Entry | |
| http://www.watson.org/~robert/2007woot | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cerb Search vendor "Cerb" | Cerbng Search vendor "Cerb" for product "Cerbng" | 0.1 Search vendor "Cerb" for product "Cerbng" and version "0.1" | freebsd |
Affected
| in | Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 4.8 Search vendor "Freebsd" for product "Freebsd" and version "4.8" | - |
Safe
|
| Cerb Search vendor "Cerb" | Cerbng Search vendor "Cerb" for product "Cerbng" | 0.2 Search vendor "Cerb" for product "Cerbng" and version "0.2" | freebsd |
Affected
| in | Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 4.8 Search vendor "Freebsd" for product "Freebsd" and version "4.8" | - |
Safe
|
| Cerb Search vendor "Cerb" | Cerbng Search vendor "Cerb" for product "Cerbng" | 0.3 Search vendor "Cerb" for product "Cerbng" and version "0.3" | freebsd |
Affected
| in | Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 4.8 Search vendor "Freebsd" for product "Freebsd" and version "4.8" | - |
Safe
|
| Cerb Search vendor "Cerb" | Cerbng Search vendor "Cerb" for product "Cerbng" | 0.4 Search vendor "Cerb" for product "Cerbng" and version "0.4" | freebsd |
Affected
| in | Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 4.8 Search vendor "Freebsd" for product "Freebsd" and version "4.8" | - |
Safe
|