CVE-2004-2012

Published: 31/12/2004 Updated: 11/07/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dev/systrace connection before setting euid to 0, which allows local users to gain root privileges.

Vulnerable Product

niels provos systrace 1.2

niels provos systrace 1.3

niels provos systrace 1.1

vladimir kotal systrace port for freebsd 2004-03-09

vladimir kotal systrace port for freebsd 2004-06-02

niels provos systrace 1.4

niels provos systrace 1.5

netbsd netbsd 2.0

Exploits

source: www.securityfocus.com/bid/10320/info A vulnerability has been reported that affects Systrace on NetBSD, as well as the FreeBSD port by Vladimir Kotal. The source of the issue is insufficient access validation when a systraced process is restoring privileges. This issue can be exploited by a local attacker to gain root privileges ...