CVE-2004-2012

NetBSD/FreeBSD - Privilege Escalation

Title source: llm

Description

The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Stefan Esser · clocalbsd

https://www.exploit-db.com/exploits/24113

View Code ZIP pw:eip

References (5)

[Mailing List] http://marc.info/?l=bugtraq&m=108432258920570&w=2

[Exploit] http://www.securityfocus.com/bid/10320

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/16110

[Third Party Advisory] http://secunia.com/advisories/11585

[Vendor Advisory] ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-007.txt.asc

Scores

EPSS 0.0031

EPSS Percentile 53.8%

Details

Status published

Products (8)

netbsd/netbsd 2.0

niels/provos_systrace 1.1

niels/provos_systrace 1.2

niels/provos_systrace 1.3

niels/provos_systrace 1.4

niels/provos_systrace 1.5

vladimir_kotal/systrace_port_for_freebsd 2004-03-09

vladimir_kotal/systrace_port_for_freebsd 2004-06-02

Published Dec 31, 2004

Tracked Since Feb 18, 2026