Vulnerability Name: CVE-2002-0572 (CCN-8920)
Assigned: 2002-04-22
Published: 2002-04-22
Updated: 2018-10-30
Summary: FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:
Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio insecure handling of stdio file descriptors
Source: FREEBSD Type: Patch, Vendor Advisory FreeBSD-SA-02:23
Source: CCN Type: BugTraq Mailing List, Mon Apr 22 2002 - 14:23:51 CDT Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio
Source: CCN Type: BugTraq Mailing List, Tue Apr 23 2002 - 01:24:08 CDT cheers
Source: CCN Type: BugTraq Mailing List, Thu May 09 2002 - 08:11:31 CDT OpenBSD local DoS and root exploit
Source: CCN Type: BugTraq Mailing List, Thu May 09 2002 - 10:27:40 CDT Re: OpenBSD local DoS and root exploit
Source: VULNWATCH Type: UNKNOWN 20020422 Pine Internet Advisory: Setuid application execution may give local root in FreeBSD
Source: MITRE Type: CNA CVE-2002-0572
Source: MITRE Type: CNA CVE-2002-0820
Source: BUGTRAQ Type: Exploit, Patch, Vendor Advisory 20020422 Pine Internet Advisory: Setuid application execution may give local root in FreeBSD
Source: BUGTRAQ Type: UNKNOWN 20020423 cheers
Source: CCN Type: CIAC Information Bulletin M-072 FreeBSD stdio File Descriptors Vulnerability
Source: CIAC Type: UNKNOWN M-072
Source: CCN Type: Georgi Guninski Security Advisory #56, 2002 FreeBSD <=4.6 kernel problems, yet Linux and *BSD much better than Windows
Source: XF Type: UNKNOWN bsd-suid-apps-gain-privileges(8920)
Source: CCN Type: US-CERT VU#809347 FreeBSD privilege elevation vulnerability
Source: CERT-VN Type: US Government Resource VU#809347
Source: CCN Type: OpenBSD 3.1 errata 003: SECURITY FIX: May 8, 2002
Source: CCN Type: OpenBSD 2.9 errata 026: SECURITY FIX: May 8, 2002
Source: CCN Type: OpenBSD 3.0 errata 021: SECURITY FIX: May 8, 2002
Source: OSVDB Type: UNKNOWN 6095
Source: CCN Type: OSVDB ID: 16033 FreeBSD Kernel /dev/null File Descriptor Close Issue
Source: CCN Type: OSVDB ID: 33547 IBM AIX SetUID File Descriptor Status Verification Failure
Source: CCN Type: OSVDB ID: 33548 Solaris SetUID File Descriptor Status Verification Failure
Source: CCN Type: OSVDB ID: 33549 HP-UX SetUID File Descriptor Status Verification Failure
Source: CCN Type: OSVDB ID: 52021 Google Android Bionic Dynamic Linker linker/linker.c link_image Function File Descriptor Handling Arbitrary File Creation
Source: CCN Type: OSVDB ID: 6095 Multiple BSD exec C File Descriptor Privilege Escalation
Source: CCN Type: Pine Internet Security Advisory PINE-CERT-20020401 Suid application execution may give local root
Source: BID Type: Exploit, Patch, Vendor Advisory 4568
Source: CCN Type: BID-4568 BSD exec C Library Standard I/O File Descriptor Closure Vulnerability
Source: CCN Type: BID-4708 Multiple Vendor exec C Library Standard I/O File Descriptor Race Condition Vulnerability
Vulnerable Configuration: Configuration 1: Configuration CCN 1: