CVE-2004-2012
Published 2004-12-31
Priority P428 | high | 7.2 CVSS 2.0
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 0.85% (53.7th percentile)
The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dev/systrace connection before setting euid to 0, which allows local users to gain root privileges.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netbsd | netbsd | — | — |
| niels | provos_systrace | — | — |
| niels | provos_systrace | — | — |
| niels | provos_systrace | — | — |
| niels | provos_systrace | — | — |
| niels | provos_systrace | — | — |
| vladimir_kotal | systrace_port_for_freebsd | — | — |
| vladimir_kotal | systrace_port_for_freebsd | — | — |
No detection rules found.
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-007.txt.asc
http://marc.info/?l=bugtraq&m=108432258920570&w=2
http://secunia.com/advisories/11585
http://www.securityfocus.com/bid/10320
https://exchange.xforce.ibmcloud.com/vulnerabilities/16110