Vulnerabilities > CVE-2004-2012 - Privilege Escalation vulnerability in NetBSD/FreeBSD Port Systrace Exit Routine Access Validation
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 | |
Application | 2 | |
OS | 1 |
Exploit-Db
description | NetBSD/FreeBSD Port Systrace 1.x Exit Routine Access Validation Privilege Escalation Vulnerability. CVE-2004-2012. Local exploit for bsd platform |
id | EDB-ID:24113 |
last seen | 2016-02-02 |
modified | 2004-05-11 |
published | 2004-05-11 |
reporter | Stefan Esser |
source | https://www.exploit-db.com/download/24113/ |
title | NetBSD/FreeBSD Port Systrace 1.x - Exit Routine Access Validation Privilege Escalation Vulnerability |