Local User Time Setting Bypass in NetBSD and Linux
CVE-2005-4352

Currently unrated

Key Information:

Vendor: Linux
Status: Linux Kernel; Netbsd
Vendor: CVE Published:; 31 December 2005

Summary

The securelevels feature in NetBSD 2.1 and earlier, as well as in Linux versions up to 2.6.15, contains a flaw that enables local users to manipulate system time settings. By advancing the system clock to the maximum Unix time value (set to 19 Jan 2038), it then wraps around to the minimum time (13 Dec 1901) and can be adjusted forward to any desired time. This vulnerability poses a significant risk as it allows unauthorized time modifications, potentially impacting scheduled tasks and security mechanisms reliant on accurate system time.

References

http://www.securityfocus.com/archive/1/421426/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://lists.grok.org.uk/pipermail/full-disclosure/2006-J...

mailing-listx_refsource_FULLDISC

http://www.redteam-pentesting.de/advisories/rt-sa-2005-16...

x_refsource_MISC

Timeline

Vulnerability published
Dec 31, 2005
Vulnerability Reserved
Dec 19, 2005