Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0820

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2002-0820
Last Modified 05 Sep 2008 04:29:02
Published 12 Aug 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-0820

Summary

FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges.

Vulnerable Systems

Operating System

  • Freebsd 4.6


References

VULNWATCH - 20020731 [VulnWatch] FreeBSD <=4.6 kernel problems, yet Linux and *BSD much better than Windows

FREEBSD - FreeBSD-SA-02:23

BUGTRAQ - 20020819 Freebsd FD exploit

MISC - http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&frame=right&th=d429cd2ef1d3a2b7&seekm=ai6c0q%242289%241%40FreeBSD.csie.NCTU.edu.tw#link16


Last Updated: 27 May 2016 10:37:05