Security features in Linux kernel - CVE-2005-4352
Published: December 31, 2005 / Updated: October 19, 2018
Vulnerability identifier: #VU99912
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2005-4352
CWE-ID: CWE-254
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to corrupt data.
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka 'settimeofday() time wrap.'
How to mitigate CVE-2005-4352
Install update from vendor's repository.
Sources
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041178.html
- http://secunia.com/advisories/25691
- http://securitytracker.com/id?1015454
- http://www.redteam-pentesting.de/advisories/rt-sa-2005-16.txt
- http://www.securityfocus.com/archive/1/421426/100/0/threaded
- http://www.securityfocus.com/archive/1/471457
- http://www.securityfocus.com/bid/16170
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24036