CVE-2004-2012

NetBSD/FreeBSD - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2012. PoCs published by Stefan Esser.

AI-analyzed exploit summary This exploit targets a privilege escalation vulnerability in Systrace on NetBSD and FreeBSD. It leverages insufficient access validation during privilege restoration to gain root privileges via a crafted systrace interaction.

Description

The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Stefan Esser · clocalbsd

https://www.exploit-db.com/exploits/24113

View Code ZIP pw:eip

This exploit targets a privilege escalation vulnerability in Systrace on NetBSD and FreeBSD. It leverages insufficient access validation during privilege restoration to gain root privileges via a crafted systrace interaction.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Systrace on NetBSD and FreeBSD (port by Vladimir Kotal)

No auth needed

Prerequisites: Local access to the system · Presence of /dev/systrace device

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=108432258920570&w=2

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/10320

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/16110

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/11585

Vendor Advisory vendor-advisory x_refsource_netbsd

ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-007.txt.asc

Scores

EPSS 0.0085

EPSS Percentile 53.5%

Details

Status published

Products (8)

netbsd/netbsd 2.0

niels/provos_systrace 1.1

niels/provos_systrace 1.2

niels/provos_systrace 1.3

niels/provos_systrace 1.4

niels/provos_systrace 1.5

vladimir_kotal/systrace_port_for_freebsd 2004-03-09

vladimir_kotal/systrace_port_for_freebsd 2004-06-02

Published Dec 31, 2004

Tracked Since Feb 18, 2026