ID CVE-2004-2012 Type cve Reporter NVD Modified 2017-07-10T21:31:32
Description
The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.
{"id": "CVE-2004-2012", "bulletinFamily": "NVD", "title": "CVE-2004-2012", "description": "The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.", "published": "2004-12-31T00:00:00", "modified": "2017-07-10T21:31:32", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2012", "reporter": "NVD", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/16110", "http://marc.info/?l=bugtraq&m=108432258920570&w=2", "http://www.securityfocus.com/bid/10320"], "cvelist": ["CVE-2004-2012"], "type": "cve", "lastseen": "2017-07-11T11:14:39", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:vladimir_kotal:systrace_port_for_freebsd:2004-03-09", "cpe:/a:niels:provos_systrace:1.3", "cpe:/a:niels:provos_systrace:1.1", "cpe:/a:niels:provos_systrace:1.5", "cpe:/a:vladimir_kotal:systrace_port_for_freebsd:2004-06-02", "cpe:/a:niels:provos_systrace:1.2", "cpe:/a:niels:provos_systrace:1.4", "cpe:/o:netbsd:netbsd:2.0"], "cvelist": ["CVE-2004-2012"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.", "edition": 2, "enchantments": {}, "hash": "c17a906a64c9a511d60addf189d4d14b93093c0483b8ab0f2f101147203ea47f", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "1818188f76a26b3720dce451603f5a89", "key": "href"}, {"hash": "742efffe939b1c5a29441da60655b854", "key": "references"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "f3ed268732578f678a27b315cbcb57dd", "key": "cpe"}, {"hash": "8d01b3f7405442a63e5c8249be351108", "key": "published"}, {"hash": "cb40a1baec8a8c52f84aff27210a8fa4", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "42e2dcb1323abbd1ef65657fb11298dc", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "63106727aa4e3621ca92fe51a5e26856", "key": "modified"}, {"hash": "43d140847570fb0db6c9de270880d6b0", "key": "description"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2012", "id": "CVE-2004-2012", "lastseen": "2017-04-18T15:50:42", "modified": "2016-10-17T23:04:49", "objectVersion": "1.2", "published": "2004-12-31T00:00:00", "references": ["http://xforce.iss.net/xforce/xfdb/16110", "http://marc.info/?l=bugtraq&m=108432258920570&w=2", "http://www.securityfocus.com/bid/10320"], "reporter": "NVD", "scanner": [], "title": "CVE-2004-2012", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-04-18T15:50:42"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:vladimir_kotal:systrace_port_for_freebsd:2004-03-09", "cpe:/a:niels:provos_systrace:1.3", "cpe:/a:niels:provos_systrace:1.1", "cpe:/a:niels:provos_systrace:1.5", "cpe:/a:vladimir_kotal:systrace_port_for_freebsd:2004-06-02", "cpe:/a:niels:provos_systrace:1.2", "cpe:/a:niels:provos_systrace:1.4", "cpe:/o:netbsd:netbsd:2.0"], "cvelist": ["CVE-2004-2012"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.", "edition": 1, "hash": "f489ad5e0d3089c52563c3587d3449b79d0f8feb33d7c19a4a7a230981216d9e", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "1818188f76a26b3720dce451603f5a89", "key": "href"}, {"hash": "92e562f1650876bcdaf98c9c3871d6a5", "key": "modified"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "f3ed268732578f678a27b315cbcb57dd", "key": "cpe"}, {"hash": "8d01b3f7405442a63e5c8249be351108", "key": "published"}, {"hash": "cb40a1baec8a8c52f84aff27210a8fa4", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "42e2dcb1323abbd1ef65657fb11298dc", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "c6e0666f0ccddcd7af457665036a3929", "key": "references"}, {"hash": "43d140847570fb0db6c9de270880d6b0", "key": "description"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2012", "id": "CVE-2004-2012", "lastseen": "2016-09-03T04:45:31", "modified": "2008-09-05T16:42:57", "objectVersion": "1.2", "published": "2004-12-31T00:00:00", "references": ["http://xforce.iss.net/xforce/xfdb/16110", "http://marc.theaimsgroup.com/?l=bugtraq&m=108432258920570&w=2", "http://www.securityfocus.com/bid/10320"], "reporter": "NVD", "scanner": [], "title": "CVE-2004-2012", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T04:45:31"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "f3ed268732578f678a27b315cbcb57dd"}, {"key": "cvelist", "hash": "cb40a1baec8a8c52f84aff27210a8fa4"}, {"key": "cvss", "hash": "cfd16da9581e0c21db590e40dfd9e493"}, {"key": "description", "hash": "43d140847570fb0db6c9de270880d6b0"}, {"key": "href", "hash": "1818188f76a26b3720dce451603f5a89"}, {"key": "modified", "hash": "d2a13bec0e1d637e0332a447babcce2d"}, {"key": "published", "hash": "8d01b3f7405442a63e5c8249be351108"}, {"key": "references", "hash": "88ff834199964aa0accbcb0cc6dce48b"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "42e2dcb1323abbd1ef65657fb11298dc"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "1fda77fc7d7f530886bf302d5776e51b8db4b2a78b42edfdd7b5307bd5d54496", "viewCount": 0, "enchantments": {"vulnersScore": 7.2}, "objectVersion": "1.3", "cpe": ["cpe:/a:vladimir_kotal:systrace_port_for_freebsd:2004-03-09", "cpe:/a:niels:provos_systrace:1.3", "cpe:/a:niels:provos_systrace:1.1", "cpe:/a:niels:provos_systrace:1.5", "cpe:/a:vladimir_kotal:systrace_port_for_freebsd:2004-06-02", "cpe:/a:niels:provos_systrace:1.2", "cpe:/a:niels:provos_systrace:1.4", "cpe:/o:netbsd:netbsd:2.0"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
