CVE-2002-0754

nvd nist
Published: Aug 12, 2002
Modified: Apr 16, 2026

Score: 7.2
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 3.9 / Impact: 10.0
Source: NVD

Description

Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.

Affected (13)

2 products
Heimdal
Freebsd
1 product
Heimdal
Configuration A
2 vulnerable
Vulnerable Software | Affected Versions
Version 0.4e
Version 0.4e
Configuration B
11 vulnerable
Vulnerable Software | Affected Versions
Freebsd
Version 4.0
Version 4.1.1
Version 4.1.1 release
Version 4.1.1 stable
Version 4.1
Version 4.2
Version 4.2 stable
Version 4.3
Version 4.3 release
Version 4.3 stable
Version 4.4

References (6)

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc
Source: cve@mitre.org
Patch, Vendor Advisory
Source: cve@mitre.org
Patch, Vendor Advisory
Source: cve@mitre.org
Patch, Vendor Advisory
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc
Source: af854a3a-2127-422b-91ae-364da2661108
Patch, Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch, Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch, Vendor Advisory

Timeline

No history available yet.