Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
FreeBSD gdc program allows local users to modify files via a symlink attack.
CVE Informations
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 2.1 | AV:L/AC:L/Au:N/C:N/I:P/A:N | [email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 19650
Publication date : 1999-11-30 23h00 +00:00
Author : Brock Tellier
EDB Verified : Yes
source: https://www.securityfocus.com/bid/835/info
It is possible to write debug ouput from gdc to a file (/var/tmp/gdb_dump). Unfortunately, gdc follows symbolic links which can be created in tmp and will overwrite any file on the system thanks to it being setiud root. This does not cause any immediate compromises and is more of a denial of service attack since it does not change the permissions of the overwritten files (to say, world writeable or group writeable). Local users are required to be in group wheel (or equivelent) to execute gdc.
ln -s /etc/master.passwd /var/tmp/gated_dump
And then wait for a priviliged user to run gdc dump.
Products Mentioned
Configuraton 0
Freebsd>>Freebsd >> Version 3.3
- Freebsd>>Freebsd >> Version 3.3 (Open CPE detail)
- Freebsd>>Freebsd >> Version 3.3 (Open CPE detail)
- Freebsd>>Freebsd >> Version 3.3 (Open CPE detail)
References
2025©
tesweb SA
