Vulnerability Details CVE-2009-0342
Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.8%
CVSS Severity
CVSS v2 Score 7.2
References
- http://scary.beasts.org/security/CESA-2009-001.html
- http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html
- http://www.citi.umich.edu/u/provos/systrace/
- http://www.securityfocus.com/archive/1/500377/100/0/threaded
- http://www.securityfocus.com/bid/33417
- http://scary.beasts.org/security/CESA-2009-001.html
- http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html
- http://www.citi.umich.edu/u/provos/systrace/
- http://www.securityfocus.com/archive/1/500377/100/0/threaded
- http://www.securityfocus.com/bid/33417
Products affected by CVE-2009-0342
-
cpe:2.3:a:provos:systrace:*
-
cpe:2.3:a:provos:systrace:1.1
-
cpe:2.3:a:provos:systrace:1.2
-
cpe:2.3:a:provos:systrace:1.3
-
cpe:2.3:a:provos:systrace:1.4
-
cpe:2.3:a:provos:systrace:1.5
-
cpe:2.3:a:provos:systrace:1.6
-
cpe:2.3:a:provos:systrace:1.6a
-
cpe:2.3:a:provos:systrace:1.6b
-
cpe:2.3:a:provos:systrace:1.6c
-
cpe:2.3:a:provos:systrace:1.6d
-
cpe:2.3:o:linux:linux_kernel:_nil_