CVE-2001-1029
First published: Thu Sep 20 2001(Updated: )
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenSSH | =4.5 | |
| FreeBSD FreeBSD | <=4.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-1029?
CVE-2001-1029 is considered a low severity vulnerability due to its limited impact on system security.
How do I fix CVE-2001-1029?
To fix CVE-2001-1029, upgrade to OpenSSH version 4.5 or later, and ensure you are not using FreeBSD versions prior to 4.5.
Who is affected by CVE-2001-1029?
CVE-2001-1029 affects local users of OpenSSH on FreeBSD versions 4.4 and earlier.
What are the implications of CVE-2001-1029?
The implications of CVE-2001-1029 include potential unauthorized access to arbitrary files by local users.
Can local users exploit CVE-2001-1029?
Yes, local users can exploit CVE-2001-1029 by specifying alternate copyright or welcome files to bypass capability checks.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/openbsd
- canonical/openssh
- version/openssh/4.5
- vendor/freebsd
- canonical/freebsd freebsd
- version/freebsd freebsd/4.4