Vulnerabilities > CVE-2004-2012
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 | |
| Application | 2 | |
| OS | 1 |
Exploit-Db
| description | NetBSD/FreeBSD Port Systrace 1.x Exit Routine Access Validation Privilege Escalation Vulnerability. CVE-2004-2012. Local exploit for bsd platform |
| id | EDB-ID:24113 |
| last seen | 2016-02-02 |
| modified | 2004-05-11 |
| published | 2004-05-11 |
| reporter | Stefan Esser |
| source | https://www.exploit-db.com/download/24113/ |
| title | NetBSD/FreeBSD Port Systrace 1.x - Exit Routine Access Validation Privilege Escalation Vulnerability |
References
- ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-007.txt.asc
- ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-007.txt.asc
- http://marc.info/?l=bugtraq&m=108432258920570&w=2
- http://marc.info/?l=bugtraq&m=108432258920570&w=2
- http://secunia.com/advisories/11585
- http://secunia.com/advisories/11585
- http://www.securityfocus.com/bid/10320
- http://www.securityfocus.com/bid/10320
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16110
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16110