Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.2
CVE Id CVE-2002-0572
Last Modified 05 Sep 2008 04:28:22
Published 03 Jul 2002 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-0572

Summary

FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allow local users to write to or read from restricted files by closing file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.

Vulnerable Systems

Operating System

  • FreeBSD 4.4

  • FreeBSD 4.5

  • OpenBSD 2.0

  • OpenBSD 2.1

  • OpenBSD 2.2

  • OpenBSD 2.3

  • Sun Solaris 2.5.1

  • Sun Solaris 2.6

  • Sun Solaris 7.0

  • Sun Solaris 8.0


References

CERT-VN - VU#809347

BID - 4568

BUGTRAQ - 20020422 Pine Internet Advisory: Setuid application execution may give local root in FreeBSD

FREEBSD - FreeBSD-SA-02:23

XF - bsd-suid-apps-gain-privileges(8920)

BUGTRAQ - 20020423 cheers

OSVDB - 6095

CIAC - M-072


Last Updated: 27 May 2016 10:36:59