Main Vulnerability Database Exploits ID:10061 - Exploit for Security restrictions bypass in Linux kernel - CVE-2009-0835

ID:10061 - Exploit for Security restrictions bypass in Linux kernel - CVE-2009-0835

Published: June 20, 2024

Vulnerability identifier: #VU92845

Vulnerability risk: Low

CVE-ID: CVE-2009-0835

CWE-ID: CWE-264

Exploitation vector: Local access

Vulnerable software:
Linux kernel

Link to public exploit:

https://www.exploit-db.com/exploits/32829/

Vulnerability description

The vulnerability allows a local user to read and manipulate data.

The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343.

Remediation

Install update from vendor's repository.

ID:10061 - Exploit for Security restrictions bypass in Linux kernel - CVE-2009-0835

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human