Contents of /retired/CVE-2005-4352

Candidate: CVE-2005-4352
References: 
 http://www.redteam-pentesting.de/advisories/rt-sa-2005-16.txt
Description: 
 The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15
 and earlier, allows local users to bypass time setting restrictions and set
 the clock backwards by setting the clock ahead to the maximum unixtime value
 (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901),
 which can then be set ahead to the desired time, aka "settimeofday() time wrap."
Notes: 
 jmm> This affects the LSM module for BSD secure levels, not included in 2.6.8
 jmm> and 2.4.27
 jmm> removed in 2.6.19
Bugs: 
upstream: released (2.6.19)
linux-2.6: released (2.6.18-3)
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.4.19-woody-security: N/A
2.4.18-woody-security: N/A
2.4.17-woody-security: N/A
2.4.16-woody-security: N/A
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: N/A
1	Candidate: CVE-2005-4352
2	References:
3	http://www.redteam-pentesting.de/advisories/rt-sa-2005-16.txt
4	Description:
5	The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15
6	and earlier, allows local users to bypass time setting restrictions and set
7	the clock backwards by setting the clock ahead to the maximum unixtime value
8	(19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901),
9	which can then be set ahead to the desired time, aka "settimeofday() time wrap."
10	Notes:
11	jmm> This affects the LSM module for BSD secure levels, not included in 2.6.8
12	jmm> and 2.4.27
13	jmm> removed in 2.6.19
14	Bugs:
15	upstream: released (2.6.19)
16	linux-2.6: released (2.6.18-3)
17	2.6.8-sarge-security: N/A
18	2.4.27-sarge-security: N/A
19	2.4.19-woody-security: N/A
20	2.4.18-woody-security: N/A
21	2.4.17-woody-security: N/A
22	2.4.16-woody-security: N/A
23	2.4.17-woody-security-hppa: N/A
24	2.4.17-woody-security-ia64: N/A