CVE-2002-0754

Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.

Published: Aug 12, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-0754
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
freebsd / heimdal	0.4e	0.4e.x
kth / heimdal	0.4e	0.4e.x
freebsd / freebsd	4.1.1-stable	4.1.1-stable.x
freebsd / freebsd	4.1.1-release	4.1.1-release.x
freebsd / freebsd	4.3-stable	4.3-stable.x
freebsd / freebsd	4.3-release	4.3-release.x
freebsd / freebsd	4.2-stable	4.2-stable.x
freebsd / freebsd	4.1	4.1.x
freebsd / freebsd	4.4	4.4.x
freebsd / freebsd	4.2	4.2.x
freebsd / freebsd	4.0	4.0.x
freebsd / freebsd	4.1.1	4.1.1.x
freebsd / freebsd	4.3	4.3.x

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc
http://www.iss.net/security_center/static/7956.php
http://www.securityfocus.com/bid/3919

Vulnerability Database

289,599

CVE-2002-0754