CVE-2002-0754 — Freebsd vulnerability

3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.2%

top 64.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freebsd Freebsd Heimdal KTH Heimdal

Timeline

PublishedAug 12

Latest updateMay 3

Description

Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDfreebsd/heimdal0.4e

▶NVDkth/heimdal0.4e

Also affects: Freebsd 4.0, 4.1, 4.1.1, 4.2, 4.3, 4.4

Patches

Patch: ftp.freebsd.org ↗Patch: www.iss.net ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-mggc-5xgm-pg5v: Kerberos 5 su (k5su) in FreeBSD 4↗2022-05-03

▶

CVEList

CVE-2002-0754: Kerberos 5 su (k5su) in FreeBSD 4↗2003-04-02

▶