Description
BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id.
References (2)
Core 2
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/2609
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=98744422105430&w=2
Scores
EPSS
0.0006
EPSS Percentile
19.0%
Details
Status
published
Products (26)
freebsd/freebsd
6.2 stable
timecop/bubblemon
1.0
timecop/bubblemon
1.0pl1
timecop/bubblemon
1.0pl2
timecop/bubblemon
1.0pl3
timecop/bubblemon
1.0pl4
timecop/bubblemon
1.0pl6
timecop/bubblemon
1.0pl7
timecop/bubblemon
1.0pl8
timecop/bubblemon
1.0pl9
... and 16 more
Published
Jul 02, 2001
Tracked Since
Feb 18, 2026