CVE-2002-0875

FAM - Unprotected File Name Exposure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0875. PoCs published by Michael Wardle.

AI-analyzed exploit summary The provided text describes an information leakage vulnerability in 'fam' (File Alteration Monitor) where an unprivileged user can execute 'fam' to discover a list of monitored files, potentially leaking sensitive information. The vulnerability requires that a privileged user has already executed 'fam' against the directory being monitored.

Description

Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Michael Wardle · textlocalirix
https://www.exploit-db.com/exploits/21720

The provided text describes an information leakage vulnerability in 'fam' (File Alteration Monitor) where an unprivileged user can execute 'fam' to discover a list of monitored files, potentially leaking sensitive information. The vulnerability requires that a privileged user has already executed 'fam' against the directory being monitored.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: fam (File Alteration Monitor)
No auth needed
Prerequisites: A privileged user must have previously executed 'fam' against the target directory
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Various Sources vendor-advisory x_refsource_freebsd
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-005.html
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20000301-03-I
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9880.php
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2002/dsa-154
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5487

Scores

EPSS 0.0096
EPSS Percentile 57.4%

Details

Status published
Products (6)
debian/debian_linux 3.0
sgi/fam 2.6.6
sgi/fam 2.6.8
sgi/irix 6.5.15
sgi/irix 6.5.16
sgi/irix 6.5.17
Published Sep 05, 2002
Tracked Since Feb 18, 2026