VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ClassDraftLikelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 53 of 55
  • CVE-2009-0142Feb 12, 2009
    risk 0.00cvss epss 0.00

    Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic."

  • CVE-2009-0320Jan 28, 2009
    risk 0.00cvss epss 0.01

    Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of…

  • CVE-2009-0268Jan 26, 2009
    risk 0.00cvss epss 0.00

    Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl.

  • CVE-2008-4307Jan 13, 2009
    risk 0.00cvss epss 0.00

    Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between…

  • CVE-2008-5303Dec 1, 2008
    risk 0.00cvss epss 0.00

    Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error…

  • CVE-2008-5302Dec 1, 2008
    risk 0.00cvss epss 0.00

    Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this…

  • CVE-2008-4229Nov 25, 2008
    risk 0.00cvss epss 0.00

    Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.

  • CVE-2008-5182Nov 21, 2008
    risk 0.00cvss epss 0.00

    The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount.

  • CVE-2008-5021Nov 13, 2008
    risk 0.00cvss epss 0.04

    nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input…

  • CVE-2008-5009Nov 10, 2008
    risk 0.00cvss epss 0.00

    Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the /dev/xty file.

  • CVE-2008-3646Oct 10, 2008
    risk 0.00cvss epss 0.01

    The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.

  • CVE-2008-2958Jul 1, 2008
    risk 0.00cvss epss 0.00

    Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories.

  • CVE-2008-2311Jul 1, 2008
    risk 0.00cvss epss 0.03

    Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file.

  • CVE-2008-2538Jun 3, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors.

  • CVE-2008-2418May 23, 2008
    risk 0.00cvss epss 0.00

    Race condition in the STREAMS Administrative Driver (sad) in Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.

  • CVE-2008-1669May 8, 2008
    risk 0.00cvss epss 0.00

    Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table."

  • CVE-2008-1375May 2, 2008
    risk 0.00cvss epss 0.00

    Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.

  • CVE-2008-1684Apr 6, 2008
    risk 0.00cvss epss 0.00

    inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.

  • CVE-2008-1570Mar 31, 2008
    risk 0.00cvss epss 0.00

    Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to an incomplete fix for…

  • CVE-2008-0059Mar 18, 2008
    risk 0.00cvss epss 0.02

    Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic."