The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
20 Nov 2024, 23:52
Type | Values Removed | Values Added |
---|---|---|
References | () ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-007.txt.asc - | |
References | () http://marc.info/?l=bugtraq&m=108432258920570&w=2 - | |
References | () http://secunia.com/advisories/11585 - | |
References | () http://www.securityfocus.com/bid/10320 - Exploit | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/16110 - |
Information
Published : 2004-12-31 05:00
Updated : 2024-11-20 23:52
NVD link : CVE-2004-2012
Mitre link : CVE-2004-2012
CVE.ORG link : CVE-2004-2012
JSON object : View
Products Affected
netbsd
- netbsd
vladimir_kotal
- systrace_port_for_freebsd
niels
- provos_systrace
CWE