Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-2092

Overview

Vulnerability Score 3.7 3.7
CVE Id CVE-2002-2092
Last Modified 05 Sep 2008 04:32:18
Published 31 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2002-2092

Summary

Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.

Vulnerable Systems

Operating System

  • Freebsd 2.0

  • Freebsd 2.1.0

  • Freebsd 2.2

  • Freebsd 2.2.2

  • Freebsd 2.2.3

  • Freebsd 2.2.4

  • Freebsd 2.2.5

  • Freebsd 2.2.6

  • Freebsd 2.2.8

  • Freebsd 3.0

  • Freebsd 3.1

  • Freebsd 3.2

  • Freebsd 3.3

  • Freebsd 3.4

  • Freebsd 3.5

  • Freebsd 3.5.1

  • Freebsd 4.0

  • Freebsd 4.1

  • Freebsd 4.1.1

  • Freebsd 4.2

  • Freebsd 4.3

  • Freebsd 4.4

  • Netbsd 1.3

  • Netbsd 1.3.1

  • Netbsd 1.3.2

  • Netbsd 1.3.3

  • Netbsd 1.4

  • Netbsd 1.4.1

  • Netbsd 1.4.2

  • Netbsd 1.4.3

  • Netbsd 1.5

  • Netbsd 1.5.1

  • Netbsd 1.5.2

  • Openbsd 2.0

  • Openbsd 2.1

  • Openbsd 2.2

  • Openbsd 2.3

  • Openbsd 2.4

  • Openbsd 2.5

  • Openbsd 2.6

  • Openbsd 2.7

  • Openbsd 2.8

  • Openbsd 2.9

  • Openbsd 3.0


References

XF - bsd-exec-race-condition(7945)

BID - 3891

NETBSD - NetBSD-SA2002-001

FREEBSD - FreeBSD-SA-02:08

OSVDB - 19475


Last Updated: 27 May 2016 10:37:36