CVE Vulnerabilities

CVE-2004-2012

Published: Dec 31, 2004 | Modified: Jul 11, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.2 HIGH (AV:L/AC:L/Au:N/C:C/I:C/A:C)

The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dev/systrace connection before setting euid to 0, which allows local users to gain root privileges.

Affected Software

Name                       Vendor          Start Version  End Version
Provos_systrace            Niels           1.1            1.1
Provos_systrace            Niels           1.2            1.2
Provos_systrace            Niels           1.3            1.3
Provos_systrace            Niels           1.4            1.4
Provos_systrace            Niels           1.5            1.5
Systrace_port_for_freebsd  Vladimir_kotal  2004-03-09     2004-03-09
Systrace_port_for_freebsd  Vladimir_kotal  2004-06-02     2004-06-02
