Cerb: Security Vulnerabilities
Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb.
CVSS Score
6.2
EPSS Score
0.001
Published
2007-08-13
CerbNG for FreeBSD 4.8 does not properly implement VM protection when attempting to prevent system call wrapper races, which allows local users to have an unknown impact related to an "incorrect write protection of pages".
CVSS Score
6.2
EPSS Score
0.0
Published
2007-08-13