PT-2021-23838 · Gnu Hurd · Gnu Hurd
Sergey Bugaev · Published 2021-11-07 · Updated 2022-07-12 · CVE-2021-43411
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
GNU Hurd versions prior to 0.9 20210404-9
Description
A race condition was discovered that can be exploited to gain full root access. When a process execs a setuid executable, there is a window of time in which the process already has its new privileges but still refers to the old task, so it remains accessible through the old process port.
Recommendations
Update GNU Hurd to version 0.9 20210404-9 or later to resolve the issue.
Exploit
Fix
Race Condition
Affected Products
Gnu Hurd