PT-2021-23839 · Libports+1

Sergey Bugaev · Published 2021-11-07 · Updated 2021-11-09 · CVE-2021-43412

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: GNU Hurd versions prior to 0.9 20210404-9

Description: An issue in libports allows it to accept fake notification messages from any client on any port. This can lead to a port use-after-free situation, which can be exploited for local privilege escalation to gain full root access.

Recommendations: For versions prior to 0.9 20210404-9, update to version 0.9 20210404-9 or later to resolve the issue.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2021-43412

Affected Products

GNU Hurd
Libports