CERT/CC Vulnerability Note VU#809347

Overview

A locally exploitable privilege elevation vulnerability exists in FreeBSD.

Description

A locally exploitable privilege elevation vulnerability exists in FreeBSD. For more information, please see the Pine Internet Security Advisory.

Impact

A local user can gain root privileges.

Solution

Please see ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc for patch information.

Vendor Information

809347

Filter by status:

Filter by content: Additional information available

Sort by:

Expand all

FreeBSD Affected

Updated: August 20, 2002

Status

Affected

Vendor Statement

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

Acknowledgements

The CERT/CC thanks PINE-CERT for discovering this vulnerability.

This document was written by Ian A. Finlay.

Other Information

CVE IDs:	CVE-2002-0572
Severity Metric:	20.25
Date Public:	2002-04-22
Date First Published:	2002-08-20
Date Last Updated:	2002-08-20 18:17 UTC
Document Revision:	16

Software Engineering Institute

CERT Coordination Center

FreeBSD privilege elevation vulnerability

Vulnerability Note VU#809347

Overview

Description

Impact

Solution

Vendor Information

FreeBSD Affected

Status

Vendor Statement

Vendor Information

Addendum

CVSS Metrics

References

Acknowledgements

Other Information

Contact CERT/CC