Vulnerability Details : CVE-2009-0342
Potential exploit
Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall.
Products affected by CVE-2009-0342
- cpe:2.3:a:provos:systrace:*:*:*:*:*:*:*:*
- cpe:2.3:a:provos:systrace:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:provos:systrace:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:provos:systrace:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:provos:systrace:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:provos:systrace:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:provos:systrace:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:provos:systrace:1.6d:*:*:*:*:*:*:*
- cpe:2.3:a:provos:systrace:1.6a:*:*:*:*:*:*:*
- cpe:2.3:a:provos:systrace:1.6b:*:*:*:*:*:*:*
- cpe:2.3:a:provos:systrace:1.6c:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-0342
- 0.05%: Probability of exploitation activity in the next 30 days
- ~19%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-0342
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
CWE ids for CVE-2009-0342
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-0342
- http://www.citi.umich.edu/u/provos/systrace/ (Systrace - Interactive Policy Generation for System Calls)
- http://www.securityfocus.com/archive/1/500377/100/0/threaded
- http://scary.beasts.org/security/CESA-2009-001.html (Exploit)
- http://www.securityfocus.com/bid/33417 (Exploit)
- http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html