The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2004-12-31 05:00
Updated : 2024-02-28 10:24
NVD link : CVE-2004-2012
Mitre link : CVE-2004-2012
CVE.ORG link : CVE-2004-2012
JSON object : View
Products Affected
niels
- provos_systrace
vladimir_kotal
- systrace_port_for_freebsd
netbsd
- netbsd
CWE