Vulnerability Description
Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| FreeBSD | FreeBSD | 4.8 |
| Cerb | CerbNG | 0.1 |
References
- http://secunia.com/advisories/26474
- http://www.securityfocus.com/bid/25259
- http://www.watson.org/~robert/2007woot/
FAQ
What is CVE-2007-4303?
CVE-2007-4303 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privilege...
How severe is CVE-2007-4303?
CVE-2007-4303 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4303?
Check the references section above for vendor advisories and patch information. Affected products include: FreeBSD FreeBSD, Cerb CerbNG.