Memory Mapping Vulnerability in GNU Hurd by The GNU Project
CVE-2021-43413

8.8HIGH

Key Information:

Vendor
Gnu
Status
Hurd
Vendor
CVE Published:
7 November 2021

Summary

A vulnerability in GNU Hurd allows for improper access control due to the misuse of a shared pager port among users who map files. This misconfiguration permits any user with read access to modify files throughout the system, facilitating potential unauthorized root access. This issue can be exploited through straightforward techniques, ultimately compromising the integrity of the system and its data.

References

https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00...
x_refsource_MISC
https://www.mail-archive.com/bug-hurd%40gnu.org/msg32113....
x_refsource_MISC
https://lists.gnu.org/archive/html/bug-hurd/2002-11/msg00...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.