Lucene search

[email protected]CVE-2002-0754

HistoryApr 02, 2003 - 5:00 a.m.

CVE-2002-0754

2003-04-0205:00:00

[email protected]

web.nvd.nist.gov

cve-2002-0754

kerberos 5

k5su

freebsd

privilege escalation

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.0%

JSON

Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.

Affected configurations

NVD

Node

freebsdheimdalMatch0.4e

kthheimdalMatch0.4e

Node

freebsdfreebsdMatch4.0

freebsdfreebsdMatch4.1

freebsdfreebsdMatch4.1.1

freebsdfreebsdMatch4.1.1release

freebsdfreebsdMatch4.1.1stable

freebsdfreebsdMatch4.2

freebsdfreebsdMatch4.2stable

freebsdfreebsdMatch4.3

freebsdfreebsdMatch4.3release

freebsdfreebsdMatch4.3stable

freebsdfreebsdMatch4.4

CPENameOperatorVersion
freebsd:heimdalfreebsd heimdaleq0.4e
kth:heimdalkth heimdaleq0.4e

CPE	Name	Operator	Version
freebsd:heimdal	freebsd heimdal	eq	0.4e
kth:heimdal	kth heimdal	eq	0.4e

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc

www.iss.net/security_center/static/7956.php

www.securityfocus.com/bid/3919

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.0%

JSON

Related for CVE-2002-0754

cvelist1 nvd1