CVE-2007-3723 - The process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by

CVE-2007-3723

Summary

The process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by the kernel and performs scheduling based upon CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."

References

http://osvdb.org/36616
http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf

Vulnerable Configurations

cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 15-11-2008 - 06:53)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:P

refmap via4

misc	http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf
osvdb	36616

Last major update

15-11-2008 - 06:53

Published

12-07-2007 - 16:30

Last modified

15-11-2008 - 06:53