CVE-2004-2012
published 2004-12-31


Priority P428, high, 7.2 CVSS 2.0
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 0.85% (53.7th percentile)
The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dev/systrace connection before setting euid to 0, which allows local users to gain root privileges.

Affected

8 ranges
Vendor  Product  Version range  Fixed in
netbsd  netbsd
nielsprovos_systrace
nielsprovos_systrace
nielsprovos_systrace
nielsprovos_systrace
nielsprovos_systrace
vladimir_kotal  systrace_port_for_freebsd
vladimir_kotal  systrace_port_for_freebsd