CVE-2007-4303 - OpenCVE

Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:H/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cerb	Cerbng
Freebsd	Freebsd

Configuration 1 [-]

AND

cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*

OR	cpe:2.3:a:cerb:cerbng:0.1::freebsd:::::
	cpe:2.3:a:cerb:cerbng:0.2::freebsd:::::
	cpe:2.3:a:cerb:cerbng:0.3::freebsd:::::
	cpe:2.3:a:cerb:cerbng:0.4::freebsd:::::

No data.

References

Link	Providers
http://secunia.com/advisories/26474
http://www.securityfocus.com/bid/25259
http://www.watson.org/~robert/2007woot/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-13T21:00:00

Updated: 2024-08-07T14:53:55.458Z

Reserved: 2007-08-13T00:00:00

Link: CVE-2007-4303

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2007-08-13T21:17:00.000

Modified: 2008-09-05T21:27:54.257

Link: CVE-2007-4303

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-09T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-08-22T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.watson.org/~robert/2007woot/"}, {"name": "26474", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26474"}, {"name": "25259", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25259"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4303", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.watson.org/~robert/2007woot/", "refsource": "MISC", "url": "http://www.watson.org/~robert/2007woot/"}, {"name": "26474", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26474"}, {"name": "25259", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25259"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:53:55.458Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.watson.org/~robert/2007woot/"}, {"name": "26474", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26474"}, {"name": "25259", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25259"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4303", "datePublished": "2007-08-13T21:00:00", "dateReserved": "2007-08-13T00:00:00", "dateUpdated": "2024-08-07T14:53:55.458Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*", "matchCriteriaId": "441BE3A0-20F4-4972-B279-19B3DB5FA14D", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:cerb:cerbng:0.1:*:freebsd:*:*:*:*:*", "matchCriteriaId": "0181B778-3BF9-41A3-BAA0-1D0259E64AE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cerb:cerbng:0.2:*:freebsd:*:*:*:*:*", "matchCriteriaId": "F3C8CEE0-3973-4B6A-ABF1-630C56FB41E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cerb:cerbng:0.3:*:freebsd:*:*:*:*:*", "matchCriteriaId": "1D418808-847A-42D7-97B8-167790F869FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cerb:cerbng:0.4:*:freebsd:*:*:*:*:*", "matchCriteriaId": "54FF562D-154E-4576-BB79-467D97CA842B", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb."}, {"lang": "es", "value": "M\u00faltiples condiciones de carrera en (1) determinadas reglas y (2) copia de argumentos durante la protecci\u00f3n de memoria virtual, en CerbNG para FreeBSD 4.8 permiten a usuarios locales vencer la interposici\u00f3n en llamadas del sistema y posiblemente obtener privilegios o evitar la monitorizaci\u00f3n, como se ha demostrado modificando l\u00edneas de comando en log-exec.cb."}], "id": "CVE-2007-4303", "lastModified": "2008-09-05T21:27:54.257", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-13T21:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26474"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25259"}, {"source": "cve@mitre.org", "url": "http://www.watson.org/~robert/2007woot/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}