| Vulnerability Name: | CVE-2002-0820 (CCN-8920) | ||||||||
| Assigned: | 2002-04-22 | ||||||||
| Published: | 2002-04-22 | ||||||||
| Updated: | 2016-10-18 | ||||||||
| Summary: | FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio insecure handling of stdio file descriptors Source: FREEBSD Type: UNKNOWN FreeBSD-SA-02:23 Source: CCN Type: BugTraq Mailing List, Mon Apr 22 2002 - 14:23:51 CDT Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio Source: CCN Type: BugTraq Mailing List, Tue Apr 23 2002 - 01:24:08 CDT cheers Source: CCN Type: BugTraq Mailing List, Thu May 09 2002 - 08:11:31 CDT OpenBSD local DoS and root exploit Source: CCN Type: BugTraq Mailing List, Thu May 09 2002 - 10:27:40 CDT Re: OpenBSD local DoS and root exploit Source: VULNWATCH Type: Vendor Advisory 20020731 [VulnWatch] FreeBSD <=4.6 kernel problems, yet Linux and *BSD much better than Windows Source: MITRE Type: CNA CVE-2002-0572 Source: MITRE Type: CNA CVE-2002-0820 Source: MISC Type: UNKNOWN http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&frame=right&th=d429cd2ef1d3a2b7&seekm=ai6c0q%242289%241%40FreeBSD.csie.NCTU.edu.tw#link16 Source: BUGTRAQ Type: UNKNOWN 20020819 Freebsd FD exploit Source: CCN Type: CIAC Information Bulletin M-072 FreeBSD stdio File Descriptors Vulnerability Source: CCN Type: Georgi Guninski Security Advisory #56, 2002 FreeBSD <=4.6 kernel problems, yet Linux and *BSD much better than Windows Source: CCN Type: US-CERT VU#809347 FreeBSD privilege elevation vulnerability Source: CCN Type: OpenBSD 3.1 errata 003: SECURITY FIX: May 8, 2002 Source: CCN Type: OpenBSD 2.9 errata 026: SECURITY FIX: May 8, 2002 Source: CCN Type: OpenBSD 3.0 errata 021: SECURITY FIX: May 8, 2002 Source: CCN Type: OSVDB ID: 16033 FreeBSD Kernel /dev/null File Descriptor Close Issue Source: CCN Type: OSVDB ID: 33547 IBM AIX SetUID File Descriptor Status Verification Failure Source: CCN Type: OSVDB ID: 33548 Solaris SetUID File Descriptor Status Verification Failure Source: CCN Type: OSVDB ID: 33549 HP-UX SetUID File Descriptor Status Verification Failure Source: CCN Type: OSVDB ID: 52021 Google Android Bionic Dynamic Linker linker/linker.c link_image Function File Descriptor Handling Arbitrary File Creation Source: CCN Type: OSVDB ID: 6095 Multiple BSD exec C File Descriptor Privilege Escalation Source: CCN Type: Pine Internet Security Advisory PINE-CERT-20020401 Suid application execution may give local root Source: CCN Type: BID-4568 BSD exec C Library Standard I/O File Descriptor Closure Vulnerability Source: CCN Type: BID-4708 Multiple Vendor exec C Library Standard I/O File Descriptor Race Condition Vulnerability Source: XF Type: UNKNOWN bsd-suid-apps-gain-privileges(8920) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||