Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-1029: FreeBSD vulnerability

5 documents, 4 sources
Severity: 2.1 LOW (NVD)
EPSS: 0.1% (top 70.32%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Sep 20
Latest update: Apr 30

Description

libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.

CVSS vector

AV:L/AC:L/C:P/I:N/A:N
Exploitability: 3.9 | Impact: 2.9

Affected Packages: 2 packages

🔴Vulnerability Details

2 entries
GHSA: GHSA-rc87-8mcw-q34j: libutil in OpenSSH on FreeBSD 4 (2022-04-30)
CVEList: CVE-2001-1029: libutil in OpenSSH on FreeBSD 4 (2004-09-01)

💥Exploits & PoCs

2 entries
Exploit-DB: POP Peeper 3.4.0.0 - Date Remote Buffer Overflow (2009-03-12)
Exploit-DB: FreeBSD 4.3/4.4 - Login Capabilities Privileged File Reading (2001-09-17)
CVE-2001-1029 — FreeBSD vulnerability | cvebase