Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4741

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-4741
Last Modified 05 Sep 2008 04:57:41
Published 31 Dec 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4741

Summary

NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials.

Vulnerable Systems

Operating System

  • Netbsd 1.6

  • Netbsd 1.6.1

  • Netbsd 1.6.2

  • Netbsd 2.0

  • Netbsd 2.0.1

  • Netbsd 2.0.2

  • Netbsd 2.0.3

  • Netbsd 2.1


References

CONFIRM - http://mail-index.netbsd.org/source-changes/2005/10/31/0001.html

BID - 15290

OSVDB - 20759

FULLDISC - 20051106 http://prdelka.blackart.org.uk/exploitz/prdelka-vs-BSD-ptrace.tar.gz


Last Updated: 27 May 2016 10:41:25