Description
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap."
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/421426/100/0/threaded
Exploit, Vendor Advisory mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041178.html
Exploit, Vendor Advisory x_refsource_misc
http://www.redteam-pentesting.de/advisories/rt-sa-2005-16.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24036
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16170
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/471457
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015454
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25691
Scores
EPSS
0.0011
EPSS Percentile
28.2%
Details
Status
published
Products (26)
linux/linux_kernel
2.6.0 (12 CPE variants)
linux/linux_kernel
2.6.1 (3 CPE variants)
linux/linux_kernel
2.6.2
linux/linux_kernel
2.6.3
linux/linux_kernel
2.6.4
linux/linux_kernel
2.6.5
linux/linux_kernel
2.6.6 (2 CPE variants)
linux/linux_kernel
2.6.7 (2 CPE variants)
linux/linux_kernel
2.6.8 (4 CPE variants)
linux/linux_kernel
2.6.9 2.6.20
... and 16 more
Published
Dec 31, 2005
Tracked Since
Feb 18, 2026