CVE-2001-1029
Published 2001-09-20
Priority: P4 | 16 | low | 2.1 (CVSS 2.0)
CVSS 2.0 vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 1.37% (68.4th percentile)
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freebsd | freebsd | <= 4.4 | — |
| openbsd | openssh | — | — |
No detection rules found.
Exploit-DB
POP Peeper 3.4.0.0 - Date Remote Buffer Overflow
exploitdb·2009-03-12
CVE-2009-1029 POP Peeper 3.4.0.0 - Date Remote Buffer Overflow
---
#!/usr/bin/perl
# KL0309EXP-poppeeper_date-bof.pl
# 03.12.2009
# Krakow Labs Development [www.krakowlabs.com]
# POP Peeper 3.4.0.0 Date Remote Buffer Overflow Exploit
#
# SEH overwrite exploitation, uses Imap.dll (included with POP Peeper) for universal
# exploitation (more love for no /SafeSEH). Tested on Windows XP SP3.
#
# rush@KL (Jeremy Brown) [[email protected]]
#
# rush@linux:~$ sudo perl KL0309EXP-poppeeper_date-bof.pl
# xx.xx.xx.xx
# rush@linux:~$ nc xx.xx.xx.xx 55555
# Microsoft Windows XP [Version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft Corp.
#
# C:\Program Files\POP Peeper>exit
# exit
# rush@linux:~$
#
# Associated Files & Information:
# http://www.krakowlabs.com/res/adv/KL0309ADV-poppeeper_date-bof.txt
# http://www
Exploit-DB
FreeBSD 4.3/4.4 - Login Capabilities Privileged File Reading
exploitdb·2001-09-17
CVE-2001-1029 FreeBSD 4.3/4.4 - Login Capabilities Privileged File Reading
---
source: https://www.securityfocus.com/bid/3344/info
FreeBSD is a freely available, open source implementation of the BSD UNIX Operating System. It is developed and maintained by the FreeBSD Project.
It is possible for a user with access to a system via SSH to gain access to privileged information. This problem is caused by a mixture of problems with login capabilities, the FreeBSD OpenSSH port not dropping privileges during part of the login process, and login not dropping privileges at the correct time. A user could make a malicious entry in the .login.conf file in their home directory, and read files such as the master.passwd file and gain access to encrypted passwords on the system.
This issue does not appear to affect
No writeups or analysis indexed.
2001-09-20
Published