CVE Vulnerabilities

CVE-2004-2012

Published: Dec 31, 2004 | Modified: Jul 11, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.2 HIGH
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dev/systrace connection before setting euid to 0, which allows local users to gain root privileges.

Affected Software

Name | Vendor | Start Version | End Version
Provos_systrace | Niels | 1.1 (including) | 1.1 (including)
Provos_systrace | Niels | 1.2 (including) | 1.2 (including)
Provos_systrace | Niels | 1.3 (including) | 1.3 (including)
Provos_systrace | Niels | 1.4 (including) | 1.4 (including)
Provos_systrace | Niels | 1.5 (including) | 1.5 (including)
Systrace_port_for_freebsd | Vladimir_kotal | 2004-03-09 (including) | 2004-03-09 (including)
Systrace_port_for_freebsd | Vladimir_kotal | 2004-06-02 (including) | 2004-06-02 (including)
