← back
CVE-2004-2012

CVE-2004-2012

EPSS 0.9%
The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-007.txt.aschttp://marc.info/?l=bugtraq&m=108432258920570&w=2http://secunia.com/advisories/11585https://exchange.xforce.ibmcloud.com/vulnerabilities/16110http://www.securityfocus.com/bid/10320