FreeBSD 4.5 and previous versions, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
freebsd freebsd 4.5 |
||
openbsd openbsd 2.0 |
||
openbsd openbsd 2.2 |
||
sun sunos - |
||
sun solaris 7.0 |
||
openbsd openbsd 2.3 |
||
sun sunos 5.5.1 |
||
sun solaris 2.5.1 |
||
sun solaris 2.6 |
||
freebsd freebsd 4.4 |
||
sun solaris 8.0 |
||
openbsd openbsd 2.1 |
||
sun sunos 5.7 |
||
sun sunos 5.8 |