Vulnerability Details CVE-2021-43413
An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- https://lists.gnu.org/archive/html/bug-hurd/2002-11/msg00263.html
- https://lists.gnu.org/archive/html/bug-hurd/2005-06/msg00191.html
- https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html
- https://www.mail-archive.com/bug-hurd%40gnu.org/msg32113.html
- https://lists.gnu.org/archive/html/bug-hurd/2002-11/msg00263.html
- https://lists.gnu.org/archive/html/bug-hurd/2005-06/msg00191.html
- https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html
- https://www.mail-archive.com/bug-hurd%40gnu.org/msg32113.html