MidnightBSD

Advisories for niels

CVE-2004-2012 HIGH

The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
niels provos_systrace 1.2
vladimir_kotal systrace_port_for_freebsd 2004-03-09
vladimir_kotal systrace_port_for_freebsd 2004-06-02
netbsd netbsd 2.0
niels provos_systrace 1.3
niels provos_systrace 1.4
niels provos_systrace 1.1
niels provos_systrace 1.5