Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2002-0572

FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.

Published

2002-07-03T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	freebsd	freebsd	4.4	Yes
Operating System	freebsd	freebsd	4.5	Yes
Operating System	freebsd	freebsd	4.5	Yes
Operating System	openbsd	openbsd	2.0	Yes
Operating System	openbsd	openbsd	2.1	Yes
Operating System	openbsd	openbsd	2.2	Yes
Operating System	openbsd	openbsd	2.3	Yes
Operating System	sun	solaris	2.5.1	Yes
Operating System	sun	solaris	2.6	Yes
Operating System	sun	solaris	7.0	Yes
Operating System	sun	solaris	8.0	Yes
Operating System	sun	sunos	-	Yes
Operating System	sun	sunos	5.5.1	Yes
Operating System	sun	sunos	5.7	Yes
Operating System	sun	sunos	5.8	Yes

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc Patch, Vendor Advisory ([email protected])
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0033.html ([email protected])
http://online.securityfocus.com/archive/1/268970 Exploit, Patch, Vendor Advisory ([email protected])
http://online.securityfocus.com/archive/1/269102 ([email protected])
http://www.ciac.org/ciac/bulletins/m-072.shtml ([email protected])
http://www.iss.net/security_center/static/8920.php ([email protected])
http://www.kb.cert.org/vuls/id/809347 US Government Resource ([email protected])
http://www.osvdb.org/6095 ([email protected])
http://www.securityfocus.com/bid/4568 Exploit, Patch, Vendor Advisory ([email protected])
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0033.html (af854a3a-2127-422b-91ae-364da2661108)
http://online.securityfocus.com/archive/1/268970 Exploit, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://online.securityfocus.com/archive/1/269102 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ciac.org/ciac/bulletins/m-072.shtml (af854a3a-2127-422b-91ae-364da2661108)
http://www.iss.net/security_center/static/8920.php (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/809347 US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/6095 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/4568 Exploit, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)