Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.2
CVE Id CVE-2001-1180
Last Modified 05 Sep 2008 04:25:53
Published 10 Jul 2001 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-1180

Summary

FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child.

Vulnerable Systems

Operating System

  • FreeBSD 4.0

  • FreeBSD 4.1

  • FreeBSD 4.2

  • FreeBSD 4.3


References

CERT-VN - VU#943633

BID - 3007

BUGTRAQ - 20010710 FreeBSD 4.3 local root, yet Linux and *BSD much better than Windows

XF - bsd-rfork-signal-handlers(6829)

OSVDB - 1897

CIAC - L-111

FREEBSD - FreeBSD-SA-01:42


Last Updated: 27 May 2016 10:36:34