Vulnerability Details CVE-2002-0754
Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.7%
CVSS Severity
CVSS v2 Score 7.2
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc
- http://www.iss.net/security_center/static/7956.php
- http://www.securityfocus.com/bid/3919
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc
- http://www.iss.net/security_center/static/7956.php
- http://www.securityfocus.com/bid/3919
Products affected by CVE-2002-0754
-
cpe:2.3:a:freebsd:heimdal:0.4e
-
cpe:2.3:a:kth:heimdal:0.4e
-
cpe:2.3:o:freebsd:freebsd:4.0
-
cpe:2.3:o:freebsd:freebsd:4.1
-
cpe:2.3:o:freebsd:freebsd:4.1.1
-
cpe:2.3:o:freebsd:freebsd:4.2
-
cpe:2.3:o:freebsd:freebsd:4.3
-
cpe:2.3:o:freebsd:freebsd:4.4