CVE-2007-4303: Race Condition
First published: Mon Aug 13 2007(Updated: )
Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeBSD Kernel | =4.8 | |
| Cerb | =0.1 | |
| Cerb | =0.2 | |
| Cerb | =0.3 | |
| Cerb | =0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-4303?
CVE-2007-4303 is considered a high severity vulnerability due to the potential for local users to gain elevated privileges.
How do I fix CVE-2007-4303?
To fix CVE-2007-4303, you should upgrade to a non-vulnerable version of CerbNG or apply any available patches.
Who is affected by CVE-2007-4303?
CVE-2007-4303 affects users running CerbNG versions 0.1 to 0.4 on FreeBSD 4.8.
What types of attacks can CVE-2007-4303 enable?
CVE-2007-4303 can enable local users to bypass system call interposition and audit logging.
Is there a known exploit for CVE-2007-4303?
Yes, CVE-2007-4303 has been demonstrated to be exploitable by manipulating command lines in log-exec.cb.
- collector/nvd-historical
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/freebsd
- canonical/freebsd kernel
- version/freebsd kernel/4.8
- vendor/cerb
- canonical/cerb
- version/cerb/0.1
- version/cerb/0.2
- version/cerb/0.3
- version/cerb/0.4