Vulnerability Description
verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with UIO_USERSPACE rather than UIO_SYSSPACE, which removes the functionality of the verified exec kernel subsystem and might allow local users to execute Trojan horse programs.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NetBSD | NetBSD | 2.0 |
References
- http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/verified_exec.c.diff?r1=1.4&r2=1
- http://mail-index.netbsd.org/netbsd-announce/2005/10/31/0000.html (Patch)
- http://releng.netbsd.org/cgi-bin/req-2-0.cgi?show=1988
- http://www.osvdb.org/20725 (Patch)
FAQ
What is CVE-2005-4779?
CVE-2005-4779 is a vulnerability with a CVSS score of 3.6 (LOW). verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with UIO_USERSPACE rather than UIO_SYSSPACE, which removes the functionality of the verified exec kernel subsystem and might allow loc...
How severe is CVE-2005-4779?
CVE-2005-4779 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-4779?
Check the references section above for vendor advisories and patch information. Affected products include: NetBSD NetBSD.