Race Condition in Exec for OpenBSD, NetBSD, and FreeBSD by Multiple Vendors
CVE-2002-2092

Currently unrated

Key Information:

Vendor: FreeBSD
Status: FreeBSD; OpenBSD; Netbsd
Vendor: CVE Published:; 31 December 2002

What is CVE-2002-2092?

A vulnerability exists in the exec command for OpenBSD, NetBSD, and FreeBSD, where a race condition can be exploited. Local users can gain higher privileges by attaching a debugger to a process before the operating system determines whether the process should be running with setuid or setgid permissions. This timing issue can lead to unauthorized access and control over system resources, posing a significant security risk for affected systems.

References

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD...

vendor-advisoryx_refsource_FREEBSD

http://www.securityfocus.com/bid/3891

vdb-entryx_refsource_BID

http://www.osvdb.org/19475

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability Reserved
Aug 5, 2005
Vulnerability published
Dec 31, 2002