CVE-2001-1029
published 2001-09-20


Priority: P4 · 16 · low · 2.1 · CVSS 2.0
AV:L/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 1.37% (68.4th percentile)
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.

Affected

2 ranges
Vendor  | Product | Version range | Fixed in
freebsd | freebsd | <= 4.4        |
openbsd | openssh |               |