Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.2
CVE Id CVE-2002-0754
Last Modified 05 Sep 2008 04:28:51
Published 12 Aug 2002 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-0754

Summary

Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.

Vulnerable Systems

Operating System

  • FreeBSD 4.0

  • FreeBSD 4.1

  • FreeBSD 4.1.1

  • FreeBSD 4.2

  • FreeBSD 4.3

  • FreeBSD 4.4

Application

  • FreeBSD Heimdal 0.4e

  • KTH Heimdal 0.4e


References

BID - 3919

XF - kerberos5-k5su-elevate-privileges(7956)

FREEBSD - FreeBSD-SA-02:07


Last Updated: 27 May 2016 10:37:04