CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
ClassDraftLikelihood: Medium
Description
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-26 · CAPEC-29
CVEs mapped to this weakness (767)
page 37 of 39| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2009-0142 | 0.00 | — | 0.00 | Feb 12, 2009 | Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic." | ||
| CVE-2009-0320 | 0.00 | — | 0.01 | Jan 28, 2009 | Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack." | ||
| CVE-2009-0268 | 0.00 | — | 0.00 | Jan 26, 2009 | Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl. | ||
| CVE-2008-4307 | 0.00 | — | 0.00 | Jan 13, 2009 | Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case. | ||
| CVE-2008-5303 | 0.00 | — | 0.00 | Dec 1, 2008 | Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions. | ||
| CVE-2008-5302 | 0.00 | — | 0.00 | Dec 1, 2008 | Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions. | ||
| CVE-2008-4229 | 0.00 | — | 0.00 | Nov 25, 2008 | Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup. | ||
| CVE-2008-5182 | 0.00 | — | 0.00 | Nov 21, 2008 | The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount. | ||
| CVE-2008-5009 | 0.00 | — | 0.00 | Nov 10, 2008 | Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the /dev/xty file. | ||
| CVE-2008-3646 | 0.00 | — | 0.01 | Oct 10, 2008 | The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users. | ||
| CVE-2008-2958 | 0.00 | — | 0.00 | Jul 1, 2008 | Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories. | ||
| CVE-2008-2311 | 0.00 | — | 0.03 | Jul 1, 2008 | Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file. | ||
| CVE-2008-2538 | 0.00 | — | 0.00 | Jun 3, 2008 | Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors. | ||
| CVE-2008-2418 | 0.00 | — | 0.00 | May 23, 2008 | Race condition in the STREAMS Administrative Driver (sad) in Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors. | ||
| CVE-2008-1669 | 0.00 | — | 0.00 | May 8, 2008 | Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table." | ||
| CVE-2008-1375 | 0.00 | — | 0.00 | May 2, 2008 | Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors. | ||
| CVE-2008-1684 | 0.00 | — | 0.00 | Apr 6, 2008 | inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file. | ||
| CVE-2008-1570 | 0.00 | — | 0.00 | Mar 31, 2008 | Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to an incomplete fix for CVE-2008-1569. | ||
| CVE-2008-0055 | 0.00 | — | 0.00 | Mar 18, 2008 | Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges. | ||
| CVE-2008-0059 | 0.00 | — | 0.01 | Mar 18, 2008 | Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic." |