Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4305

4 documents, 4 sources
Severity
6.2 MEDIUM
EPSS
0.1%
top 68.48%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Aug 13
Latest update: May 1

Description

Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.

CVSS vector

AV:L/AC:H/C:C/I:C/A:C
Exploitability: 1.9 | Impact: 10.0

Affected Packages: 1 package

NVD todd_miller/sudo 43 versions +42

🔴Vulnerability Details

2
GHSA
GHSA-3vw3-g8hp-j327: Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system ca
2022-05-01
CVEList
CVE-2007-4305: Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system ca
2007-08-13

💥Exploits & PoCs

1
Exploit-DB
Systrace - Multiple System Call Wrappers Concurrency Vulnerabilities
2007-08-09