Systrace
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-0343 | | | 0.03 | — | 0.01 | | Jan 29, 2009 | Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in… |
| CVE-2007-4305 | | | 0.03 | — | 0.01 | | Aug 13, 2007 | Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing. |
| CVE-2004-2012 | | | 0.03 | — | 0.01 | | Dec 31, 2004 | The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dev/systrace connection before setting euid to 0, which allows local users to gain root privileges. |
| CVE-2007-4773 | | | 0.00 | — | 0.02 | | Jan 15, 2020 | Systrace before 1.6.0 has insufficient escape policy enforcement. |
| CVE-2009-0342 | | | 0.00 | — | 0.00 | | Jan 29, 2009 | Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall. |