CVE-2005-4352

NetBSD <2.1 & Linux <2.6.15 - Privilege Escalation

Title source: llm

Description

The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap."

References (8)

[Exploit, Vendor Advisory] http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041178.html

[Exploit, Vendor Advisory] http://www.redteam-pentesting.de/advisories/rt-sa-2005-16.txt

[Patch] http://www.securityfocus.com/bid/16170

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/24036

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/421426/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/471457

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1015454

[Third Party Advisory] http://secunia.com/advisories/25691

Scores

EPSS 0.0011

EPSS Percentile 28.6%

Classification

Status draft

Affected Products (50)

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

... and 35 more

Timeline

Published Dec 31, 2005

Tracked Since Feb 18, 2026