Vulnerability Description
Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Provos | Systrace | <= 1.6e |
| Linux | Linux Kernel | _nil_ |
Related Weaknesses (CWE)
References
- http://scary.beasts.org/security/CESA-2009-001.htmlExploit
- http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html
- http://www.citi.umich.edu/u/provos/systrace/
- http://www.securityfocus.com/archive/1/500377/100/0/threaded
- http://www.securityfocus.com/bid/33417Exploit
- http://scary.beasts.org/security/CESA-2009-001.htmlExploit
- http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html
- http://www.citi.umich.edu/u/provos/systrace/
- http://www.securityfocus.com/archive/1/500377/100/0/threaded
- http://www.securityfocus.com/bid/33417Exploit
FAQ
What is CVE-2009-0342?
CVE-2009-0342 is a vulnerability with a CVSS score of 7.2 (HIGH). Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-c...
How severe is CVE-2009-0342?
CVE-2009-0342 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0342?
Check the references section above for vendor advisories and patch information. Affected products include: Provos Systrace, Linux Linux Kernel.