Hurd
CVE-2021-43411
HIGH
Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root access.
AnalysisAI
An issue was discovered in GNU Hurd before 0.9 20210404-9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-362. An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root access. Affected products include: Gnu Hurd. Version information: before 0.9.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An issue was discovered in GNU Hurd before 0.9 20210404-9. Rated high severity (CVSS 8.8), this vulnerability is remotel
An issue was discovered in GNU Hurd before 0.9 20210404-9. Rated high severity (CVSS 7.8), this vulnerability is low att
An issue was discovered in GNU Hurd before 0.9 20210404-9. Rated high severity (CVSS 7.0). Public exploit code available
Same weakness CWE-362 – Race Condition
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today