CVE-2001-1180
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
10/07/2001
Last modified:
03/04/2025
Description
FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child.
Impact
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:42.signal.v1.1.asc
- http://archives.neohapsis.com/archives/bugtraq/2001-07/0179.html
- http://ciac.llnl.gov/ciac/bulletins/l-111.shtml
- http://www.kb.cert.org/vuls/id/943633
- http://www.osvdb.org/1897
- http://www.securityfocus.com/bid/3007
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6829
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:42.signal.v1.1.asc
- http://archives.neohapsis.com/archives/bugtraq/2001-07/0179.html
- http://ciac.llnl.gov/ciac/bulletins/l-111.shtml
- http://www.kb.cert.org/vuls/id/943633
- http://www.osvdb.org/1897
- http://www.securityfocus.com/bid/3007
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6829