CVE-2021-43413

An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
gnuhurd
𝑥
< 0.9.20210404-9
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
hurd
sid
1:0.9.git20240714-4
fixed
References
https://lists.gnu.org/archive/html/bug-hurd/2002-11/msg00263.html
https://lists.gnu.org/archive/html/bug-hurd/2005-06/msg00191.html
https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html
https://www.mail-archive.com/bug-hurd%40gnu.org/msg32113.html
https://lists.gnu.org/archive/html/bug-hurd/2002-11/msg00263.html
https://lists.gnu.org/archive/html/bug-hurd/2005-06/msg00191.html
https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html
https://www.mail-archive.com/bug-hurd%40gnu.org/msg32113.html