Vulnerability Description
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allow local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.
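The description above depends on open() returning the lowest free descriptor number, so a file opened by a privileged program can land on 0, 1 or 2 when the caller closed them. The following is an added example, not taken from the referenced advisories, of an application-level startup check; the function name sanitize_stdio is hypothetical, and the code assumes a POSIX system with /dev/null present.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/*
 * Make sure descriptors 0, 1 and 2 are open before the program opens
 * any file of its own. Closed slots are filled with /dev/null, so a
 * later open() cannot be handed a standard-I/O descriptor number.
 * Returns the number of slots that had to be filled, or -1 on failure.
 * (sanitize_stdio is a name chosen for this example.)
 */
int sanitize_stdio(void)
{
    int repaired = 0;

    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;               /* slot is already open */
        if (errno != EBADF)
            return -1;              /* unexpected error: fail closed */

        /* open() returns the lowest free number, which must be fd
         * because every lower slot has been verified or filled. */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd == -1)
            return -1;
        if (nfd != fd) {            /* should not happen; refuse to go on */
            close(nfd);
            return -1;
        }
        repaired++;
    }
    return repaired;
}

int main(void)
{
    /* Call this first, before touching any sensitive file. */
    if (sanitize_stdio() == -1)
        abort();

    /* Stand-in for a file the privileged program writes to. */
    int fd = open("/dev/null", O_WRONLY);
    printf("file opened on descriptor %d\n", fd);   /* always > 2 here */
    if (fd != -1)
        close(fd);
    return 0;
}
```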
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| FreeBSD | FreeBSD | 4.4 |
| OpenBSD | OpenBSD | 2.0 |
| Sun | Solaris | 2.5.1 |
| Sun | SunOS | - |
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc (Patch, Vendor Advisory)
- http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0033.html
- http://online.securityfocus.com/archive/1/268970 (Exploit, Patch, Vendor Advisory)
- http://online.securityfocus.com/archive/1/269102
- http://www.ciac.org/ciac/bulletins/m-072.shtml
- http://www.iss.net/security_center/static/8920.php
- http://www.kb.cert.org/vuls/id/809347 (US Government Resource)
- http://www.osvdb.org/6095
- http://www.securityfocus.com/bid/4568 (Exploit, Patch, Vendor Advisory)
FAQ
What is CVE-2002-0572?
CVE-2002-0572 is a vulnerability with a CVSS score of 7.2 (HIGH). FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allow local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard ou...
How severe is CVE-2002-0572?
CVE-2002-0572 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0572?
Check the references section above for vendor advisories and patch information. Affected products include: FreeBSD FreeBSD, OpenBSD OpenBSD, Sun Solaris, Sun SunOS.