FreeBSD Port Systrace Exit Routine Access Validation

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

niels

vladimir-kotal

netbsd

exploit available

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.

Vulnerable Configurations

Part	Description	Count
Application	Niels Niels Provos Systrace 1.1 Niels Provos Systrace 1.2 Niels Provos Systrace 1.3 Niels Provos Systrace 1.4 Niels Provos Systrace 1.5	5
Application	Vladimir_Kotal Vladimir Kotal Systrace Port FOR Freebsd 2004-03-09 Vladimir Kotal Systrace Port FOR Freebsd 2004-06-02	2
OS	Netbsd Netbsd Netbsd 2.0	1

Exploit-Db

description	NetBSD/FreeBSD Port Systrace 1.x Exit Routine Access Validation Privilege Escalation Vulnerability. CVE-2004-2012. Local exploit for bsd platform
id	EDB-ID:24113
last seen	2016-02-02
modified	2004-05-11
published	2004-05-11
reporter	Stefan Esser
source	https://www.exploit-db.com/download/24113/
title	NetBSD/FreeBSD Port Systrace 1.x - Exit Routine Access Validation Privilege Escalation Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References