Vulnerability Details : CVE-2009-0343
Potential exploit
Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in monitoring 64-bit processes.
Products affected by CVE-2009-0343
- cpe:2.3:a:niels_provos:systrace:*:*:*:*:*:*:*:*
- cpe:2.3:a:niels_provos:systrace:1.6b:*:*:*:*:*:*:*
- cpe:2.3:a:niels_provos:systrace:1.6c:*:*:*:*:*:*:*
- cpe:2.3:a:niels_provos:systrace:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:niels_provos:systrace:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:niels_provos:systrace:1.6d:*:*:*:*:*:*:*
- cpe:2.3:a:niels_provos:systrace:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:niels_provos:systrace:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:niels_provos:systrace:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:niels_provos:systrace:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:niels_provos:systrace:1.6a:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-0343
0.04%
Probability of exploitation activity in the next 30 days
~ %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-0343
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
CWE ids for CVE-2009-0343
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-0343
- http://www.citi.umich.edu/u/provos/systrace/
  Systrace - Interactive Policy Generation for System Calls
- http://www.securityfocus.com/archive/1/500377/100/0/threaded
- http://scary.beasts.org/security/CESA-2009-001.html
  Exploit
- http://www.securityfocus.com/bid/33417
  Exploit
- http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html