CVE-2002-2092: Race Condition

First published: Tue Dec 31 2002(Updated: )

Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
FreeBSD FreeBSD	=4.3-releng
FreeBSD FreeBSD	=4.1.1-stable
FreeBSD FreeBSD	=3.1
Openbsd Openbsd	=2.8
FreeBSD FreeBSD	=4.1.1-release
FreeBSD FreeBSD	=2.2.5
NetBSD NetBSD	=1.3
NetBSD NetBSD	=1.5
FreeBSD FreeBSD	=4.4-stable
FreeBSD FreeBSD	=4.3-stable
FreeBSD FreeBSD	=2.2.2
NetBSD NetBSD	=1.3.1
Openbsd Openbsd	=2.9
FreeBSD FreeBSD	=2.2.3
FreeBSD FreeBSD	=4.3-release
Openbsd Openbsd	=2.1
NetBSD NetBSD	=1.4.2
FreeBSD FreeBSD	=4.2-stable
FreeBSD FreeBSD	=3.5.1
Openbsd Openbsd	=2.2
NetBSD NetBSD	=1.3.3
Openbsd Openbsd	=2.0
Openbsd Openbsd	=2.7
FreeBSD FreeBSD	=4.1
FreeBSD FreeBSD	=2.2.8
NetBSD NetBSD	=1.5.1
FreeBSD FreeBSD	=4.4-releng
FreeBSD FreeBSD	=4.4
FreeBSD FreeBSD	=2.2
FreeBSD FreeBSD	=3.0
Openbsd Openbsd	=2.4
FreeBSD FreeBSD	=3.2
NetBSD NetBSD	=1.5.2
FreeBSD FreeBSD	=4.2
NetBSD NetBSD	=1.4.3
FreeBSD FreeBSD	=2.2.4
FreeBSD FreeBSD	=2.1.0
FreeBSD FreeBSD	=2.2.6
Openbsd Openbsd	=3.0
FreeBSD FreeBSD	=3.3
FreeBSD FreeBSD	=4.0
FreeBSD FreeBSD	=4.1.1
FreeBSD FreeBSD	=4.3
FreeBSD FreeBSD	=3.4
FreeBSD FreeBSD	=3.5
NetBSD NetBSD	=1.4
NetBSD NetBSD	=1.3.2
Openbsd Openbsd	=2.6
NetBSD NetBSD	=1.4.1
Openbsd Openbsd	=2.5
Openbsd Openbsd	=2.3
FreeBSD FreeBSD	=2.0

Remedy

http://www.securityfocus.com/bid/3891

Never miss a vulnerability like this again

Reference Links

agent/type
agent/last-modified-date
agent/first-publish-date
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
agent/references
agent/author
agent/remedy
agent/weakness
agent/severity
agent/softwarecombine
agent/tags
agent/description
agent/event
collector/mitre-cve
source/MITRE
vendor/freebsd
canonical/freebsd freebsd
version/freebsd freebsd/4.3-releng
version/freebsd freebsd/4.1.1-stable
version/freebsd freebsd/3.1
vendor/openbsd
canonical/openbsd openbsd
version/openbsd openbsd/2.8
version/freebsd freebsd/4.1.1-release
version/freebsd freebsd/2.2.5
vendor/netbsd
canonical/netbsd netbsd
version/netbsd netbsd/1.3
version/netbsd netbsd/1.5
version/freebsd freebsd/4.4-stable
version/freebsd freebsd/4.3-stable
version/freebsd freebsd/2.2.2
version/netbsd netbsd/1.3.1
version/openbsd openbsd/2.9
version/freebsd freebsd/2.2.3
version/freebsd freebsd/4.3-release
version/openbsd openbsd/2.1
version/netbsd netbsd/1.4.2
version/freebsd freebsd/4.2-stable
version/freebsd freebsd/3.5.1
version/openbsd openbsd/2.2
version/netbsd netbsd/1.3.3
version/openbsd openbsd/2.0
version/openbsd openbsd/2.7
version/freebsd freebsd/4.1
version/freebsd freebsd/2.2.8
version/netbsd netbsd/1.5.1
version/freebsd freebsd/4.4-releng
version/freebsd freebsd/4.4
version/freebsd freebsd/2.2
version/freebsd freebsd/3.0
version/openbsd openbsd/2.4
version/freebsd freebsd/3.2
version/netbsd netbsd/1.5.2
version/freebsd freebsd/4.2
version/netbsd netbsd/1.4.3
version/freebsd freebsd/2.2.4
version/freebsd freebsd/2.1.0
version/freebsd freebsd/2.2.6
version/openbsd openbsd/3.0
version/freebsd freebsd/3.3
version/freebsd freebsd/4.0
version/freebsd freebsd/4.1.1
version/freebsd freebsd/4.3
version/freebsd freebsd/3.4
version/freebsd freebsd/3.5
version/netbsd netbsd/1.4
version/netbsd netbsd/1.3.2
version/openbsd openbsd/2.6
version/netbsd netbsd/1.4.1
version/openbsd openbsd/2.5
version/openbsd openbsd/2.3
version/freebsd freebsd/2.0

CVE-2002-2092: Race Condition

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact