Published: 18/09/2009 Updated: 10/10/2018

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 465

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

The kernel in NetBSD, probably 5.0.1 and previous versions, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits.

Vulnerable Product	Search on Vulmon	Subscribe to Product
netbsd netbsd 3.0.2
netbsd netbsd 3.1
netbsd netbsd 1.6.1
netbsd netbsd 1.6.2
netbsd netbsd 1.3.2
netbsd netbsd 1.3.3
netbsd netbsd 1.2
netbsd netbsd
netbsd netbsd 5.0
netbsd netbsd 2.0
netbsd netbsd 2.0.1
netbsd netbsd 1.5.3
netbsd netbsd 1.5.2
netbsd netbsd 1.2.1
netbsd netbsd 1.1
netbsd netbsd 3.0
netbsd netbsd 3.0.1
netbsd netbsd 2.1
netbsd netbsd 1.6
netbsd netbsd 1.3
netbsd netbsd 1.3.1
netbsd netbsd 0.8
netbsd netbsd 4.0
netbsd netbsd 4.0.1
netbsd netbsd 2.0.2
netbsd netbsd 2.0.3
netbsd netbsd 1.5.1
netbsd netbsd 1.5
netbsd netbsd 1.0
netbsd netbsd 0.9

/* source: wwwsecurityfocuscom/bid/36430/info NetBSD is prone to a local privilege-escalation vulnerability A local attacker may exploit this issue to cause the kernel stack to become desynchronized This may allow the attacker to gain elevated privileges or may aid in further attacks */ /* */ int main(int argc, char **argv) { ...

CWE-264 http://www.securityfocus.com/archive/1/506531/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/33229/

CVE-2009-2793

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect