CVE-2002-0572 : FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from res

FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.

Published 2002-07-03 04:00:00

Updated 2018-10-30 16:26:23

Source MITRE

View at NVD, CVE.org

Threat overview for CVE-2002-0572

Top countries where our scanners detected CVE-2002-0572

Top open port discovered on systems with this issue 554

IPs affected by CVE-2002-0572 2

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2002-0572!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2002-0572

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ % EPSS Score History EPSS FAQ

CVSS scores for CVE-2002-0572

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2002-0572

http://www.securityfocus.com/bid/4568

Exploit;Patch;Vendor Advisory
http://www.kb.cert.org/vuls/id/809347

US Government Resource
http://www.iss.net/security_center/static/8920.php
http://online.securityfocus.com/archive/1/269102
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc

Patch;Vendor Advisory

CVEs referencing this url
http://www.ciac.org/ciac/bulletins/m-072.shtml
http://online.securityfocus.com/archive/1/268970

Exploit;Patch;Vendor Advisory
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0033.html

Products affected by CVE-2002-0572

SUN » Sunos » Version: 5.5.1
cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*
Matching versions
SUN » Sunos » Version: N/A
cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
Matching versions
SUN » Sunos » Version: 5.7
cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
Matching versions
SUN » Sunos » Version: 5.8
cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
Matching versions
SUN » Solaris » Version: 2.6
cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*
Matching versions
SUN » Solaris » Version: 2.5.1 X86 Edition
cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*
Matching versions
SUN » Solaris » Version: 7.0 X86 Edition
cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
Matching versions
SUN » Solaris » Version: 8.0 X86 Edition
cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 4.5 Update Stable
cpe:2.3:o:freebsd:freebsd:4.5:stable:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 4.5 Update Release
cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 4.4 Update Releng
cpe:2.3:o:freebsd:freebsd:4.4:releng:*:*:*:*:*:*
Matching versions
Openbsd » Openbsd » Version: 2.3
cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*
Matching versions
Openbsd » Openbsd » Version: 2.2
cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*
Matching versions
Openbsd » Openbsd » Version: 2.1
cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*
Matching versions
Openbsd » Openbsd » Version: 2.0
cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2002-0572

Threat overview for CVE-2002-0572

Exploit prediction scoring system (EPSS) score for CVE-2002-0572

CVSS scores for CVE-2002-0572

References for CVE-2002-0572

Products affected by CVE-2002-0572