Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
BSD内核exec调用处理C程序库标准I/O文件描述符不当导致权限提升漏洞
Vulnerability Description
BSD Unix是一个Unix类操作系统的重要分支。 基于BSD内核系统实现上在进I/O操作时存在漏洞,导致本地攻击者可能利用此漏洞得到主机的root权限。 基于BSD内核的系统在用exec()调用执行特权程序时,不恰当地假设0、1、2是stdin、stdout、stderr。这样的后果可能出现向2号句柄写入错误提示信息的可能,而当2号句柄并非stderr时,就会破坏实际对应的那个文件。利用这个漏洞,攻击者可以把恶意的数据写到敏感的I/O通道中去,本地攻击者可能因此得到root权限。
CVSS Information
N/A
Vulnerability Type
N/A