CVE-2002-0572

Severity

72%

Complexity

39%

Confidentiality

165%

FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.

FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 22 years ago

2002-07-03 04:00:00

Last updated 6 years ago

2018-10-30 16:26:00

Affected Software

OpenBSD 2.0

2.0

OpenBSD 2.1

2.1

OpenBSD 2.2

2.2

OpenBSD 2.3

2.3

Sun Solaris 2.6

2.6

Sun SunOS (formerly Solaris)

Sun Microsystems Solaris 2.5.1

5.5.1

Sun Microsystems Solaris 7

5.7

Sun SunOS (Solaris 8) 5.8

5.8

References

FreeBSD-SA-02:23

Patch, Vendor Advisory

20020422 Pine Internet Advisory: Setuid application execution may give local root in FreeBSD

20020422 Pine Internet Advisory: Setuid application execution may give local root in FreeBSD

Exploit, Patch, Vendor Advisory

20020423 cheers

M-072

bsd-suid-apps-gain-privileges(8920)

VU#809347

US Government Resource

6095

4568

Exploit, Patch, Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.