CVE-2005-4352

Published: 1/9/2006 Last updated: 8/7/2024 Reserved: 12/19/2005

The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap."

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (1)

Product	Vendor	Version
n/a	n/a	<= 17.3

References (16)

http://www.securityfocus.com/archive/1/421426/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041178.html
http://www.redteam-pentesting.de/advisories/rt-sa-2005-16.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/24036
http://www.securityfocus.com/bid/16170
http://www.securityfocus.com/archive/1/471457
http://securitytracker.com/id?1015454
http://secunia.com/advisories/25691
http://www.securityfocus.com/archive/1/421426/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041178.html
http://www.redteam-pentesting.de/advisories/rt-sa-2005-16.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/24036
http://www.securityfocus.com/bid/16170
http://www.securityfocus.com/archive/1/471457
http://securitytracker.com/id?1015454
http://secunia.com/advisories/25691