PT-2001-2315 · Freebsd · Freebsd

Published

2001-07-10

Updated

2017-10-10

CVE-2001-1180

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions FreeBSD version 4.3

Description The issue arises from improper clearing of shared signal handlers when executing a process. This allows local users to gain privileges by calling rfork() with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child.

Recommendations For FreeBSD version 4.3, consider updating to a newer version that properly clears shared signal handlers to prevent privilege escalation. As a temporary workaround, restrict the use of setuid programs and shared signal handlers to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-1180

Affected Products

Freebsd

PT-2001-2315 · Freebsd · Freebsd

CVE-2001-1180

Related Identifiers

Affected Products

References · 8