CVE-2002-1500
NetBSD 1.4.x-1.6 - Local Privilege Escalation via File Descriptor Overflow
Title source: llmDescription
Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are not checked by FD_SET().
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
x_refsource_netbsd
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-014.txt.asc
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5727
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10114.php
Scores
EPSS
0.0014
EPSS Percentile
34.4%
Details
Status
published
Products (8)
netbsd/netbsd
1.4 (5 CPE variants)
netbsd/netbsd
1.4.1 (6 CPE variants)
netbsd/netbsd
1.4.2 (5 CPE variants)
netbsd/netbsd
1.4.3
netbsd/netbsd
1.5 (3 CPE variants)
netbsd/netbsd
1.5.1
netbsd/netbsd
1.5.2
netbsd/netbsd
1.5.3
Published
Apr 02, 2003
Tracked Since
Feb 18, 2026