Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0572 — Freebsd vulnerability

13 documents4 sources

Severity

7.2HIGHNVD

NVD4.6

EPSS

0.3%

top 48.86%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Freebsd HP Hp-ux IBM AIX +3 more

Timeline

PublishedJul 3

Latest updateMay 3

Description

FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages5 packages

▶NVDibm/aix5.3

▶NVDhp/hp-ux11.11

▶NVDsun/sunos5.5.1, 5.7, 5.8+2

▶NVDsun/solaris5 versions+4

▶NVDopenbsd/openbsd4 versions+3

Also affects: Freebsd 4.4, 4.5

Patches

Patch: ftp.freebsd.org ↗Patch: online.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-ch5f-274q-4xg7: FreeBSD 4↗2022-05-03

▶

GHSA

GHSA-pqq7-42hf-m9r8: Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing↗2022-05-01

▶

GHSA

GHSA-xm7m-3vrw-5x97: IBM AIX 5↗2022-05-01

▶

GHSA

GHSA-jcmg-xqwv-44cm: HP HP-UX B11↗2022-05-01

▶

CVEList

CVE-2007-0392: IBM AIX 5↗2007-01-19

▶

💥Exploits & PoCs

Exploit-DB

Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - 'exec C Library' Standard I/O File Descriptor Closure↗2002-04-23

▶