Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
FreeBSD openpty调用访问控制及权限提升漏洞
Vulnerability Description
FreeBSD就是一种运行在Intel平台上、可以自由使用的开放源码Unix类系统。 FreeBSD在处理pty的权限时存在漏洞,本地攻击者可能利用此漏洞提升自己的权限。 FreeBSD的openpty()函数在为打开的伪终端设置权限时存在错误,恶意的本地用户可以通过执行内部调用了openpty()的程序从非root用户所打开的pty读取文本;此外ptsname(3)函数错误的从/dev中的设备节点名获得了两个字符,但没有核实是否操作调用用户所拥有的是有效控制权。pt_chown使用了ptsname(3)
CVSS Information
N/A
Vulnerability Type
N/A