Vulnerability Description
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap."
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 2.6.0 |
| Netbsd | Netbsd | 1.6 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041178.htmlExploitVendor Advisory
- http://secunia.com/advisories/25691
- http://securitytracker.com/id?1015454
- http://www.redteam-pentesting.de/advisories/rt-sa-2005-16.txtExploitVendor Advisory
- http://www.securityfocus.com/archive/1/421426/100/0/threaded
- http://www.securityfocus.com/archive/1/471457
- http://www.securityfocus.com/bid/16170Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24036
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041178.htmlExploitVendor Advisory
- http://secunia.com/advisories/25691
- http://securitytracker.com/id?1015454
- http://www.redteam-pentesting.de/advisories/rt-sa-2005-16.txtExploitVendor Advisory
- http://www.securityfocus.com/archive/1/421426/100/0/threaded
- http://www.securityfocus.com/archive/1/471457
- http://www.securityfocus.com/bid/16170Patch
FAQ
What is CVE-2005-4352?
CVE-2005-4352 is a vulnerability with a CVSS score of 2.1 (LOW). The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead t...
How severe is CVE-2005-4352?
CVE-2005-4352 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4352?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netbsd Netbsd.