CVE-2009-5152

Published: May 11, 2018Modified: Nov 21, 2024

4.1

Vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N

Exploitability: 0.5 / Impact: 3.6

Source: NVD

Description

Absolute Computrace Agent, as distributed on certain Dell Inspiron systems through 2009, has a race condition with the Dell Client Configuration Utility (DCCU), which allows privileged local users to change Computrace Agent's activation/deactivation status to the factory default via a crafted TaskResult.xml file.

Affected (1)

Products: Absolute: Computrace Agent

1 product

Computrace Agent

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Absolute Computrace Agent	All versions

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (2)

https://www.coresecurity.com/system/files/publications/2016/05/Paper-Deactivate-the-Rootkit-AOrtega-ASacco.pdf

Source: cve@mitre.org

ExploitTechnical DescriptionThird Party Advisory

https://www.coresecurity.com/system/files/publications/2016/05/Paper-Deactivate-the-Rootkit-AOrtega-ASacco.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.