The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00102
Percentile: 0.28901

CVSS Scoring

Affected Products

• cpe:2.3:a:niels:provos_systrace:1.1:*:*:*:*:*:*:*
• cpe:2.3:a:niels:provos_systrace:1.2:*:*:*:*:*:*:*
• cpe:2.3:a:niels:provos_systrace:1.3:*:*:*:*:*:*:*
• cpe:2.3:a:niels:provos_systrace:1.4:*:*:*:*:*:*:*
• cpe:2.3:a:niels:provos_systrace:1.5:*:*:*:*:*:*:*
• cpe:2.3:a:vladimir_kotal:systrace_port_for_freebsd:2004-03-09:*:*:*:*:*:*:*
• cpe:2.3:a:vladimir_kotal:systrace_port_for_freebsd:2004-06-02:*:*:*:*:*:*:*
• cpe:2.3:o:netbsd:netbsd:2.0:*:*:*:*:*:*:*

← Back to Home