QwikSec

Security Database

CVE

CWE

Training

CVE-2002-0820

Published: Aug 2, 2002

Modified: Aug 8, 2024

PUBLISHED

Description

FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&frame=right&th=d429cd2ef1d3a2b7&seekm=ai6c0q%242289%241%40FreeBSD.csie.NCTU.edu.tw#link16

x_refsource_MISC

20020731 [VulnWatch] FreeBSD <=4.6 kernel problems, yet Linux and *BSD much better than Windows

mailing-list

x_refsource_VULNWATCH

20020819 Freebsd FD exploit

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.