CVE-2002-0572
Description
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allow local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products (16)
- cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*
- cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
Root cause
"Local users can manipulate file descriptors to gain elevated privileges."
Attack vector
A local user can exploit this vulnerability by closing standard input, output, or error file descriptors (0, 1, or 2). These descriptors may then be reused by a called setuid process, allowing the user to read from or write to restricted files that the setuid process has access to. This can lead to privilege escalation, potentially granting root access to the attacker [ref_id=1].
Affected code
The vulnerability exists in FreeBSD 4.5 and earlier, and potentially other BSD-based operating systems. The advisory does not specify exact file paths or function names involved in the vulnerability [ref_id=1].
What the fix does
The advisory indicates that a patch is available via ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc. The advisory does not provide specific details on the patch's implementation, but it is intended to address the vulnerability where file descriptors 0, 1, or 2 could be reused by setuid processes, leading to unauthorized file access [ref_id=1].
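A setuid program can also protect itself at startup by making sure descriptors 0, 1 and 2 are open before it opens any other file. The following is an added example, not the FreeBSD patch and not code from the advisory; `sanitize_std_fds` and `demo_next_fd` are hypothetical names, and `/dev/null` stands in for the restricted file.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Point any closed descriptor among 0-2 at /dev/null. Returns the number
 * repaired, or -1 on failure (a privileged caller should then abort). */
int sanitize_std_fds(void)
{
    int repaired = 0;
    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                 /* descriptor is open */
        if (errno != EBADF)
            return -1;
        /* 0..fd-1 are open, so open() (lowest free fd) must return fd. */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd != fd) {
            if (nfd >= 0) close(nfd);
            return -1;
        }
        repaired++;
    }
    return repaired;
}

/* Constructed demo: a child starts with 0-2 closed, then opens a file.
 * Returns that file's fd (0-2), 3 if it landed above stdio, 100/101 on error. */
int demo_next_fd(int sanitize)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(0); close(1); close(2);
        if (sanitize && sanitize_std_fds() != 3) _exit(100);
        int fd = open("/dev/null", O_WRONLY); /* stand-in for a restricted file */
        _exit(fd < 0 ? 101 : (fd > 2 ? 3 : fd));
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("without: fd %d, with: fd %d\n", demo_next_fd(0), demo_next_fd(1));
    return 0;
}
```

Without the check the opened file takes descriptor 0, so any later I/O on standard input would touch that file; with the check it lands above the standard descriptors.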
Preconditions
- auth: The attacker must have local access to the affected system.
Reproduction
- http://online.securityfocus.com/archive/1/268970
- http://www.securityfocus.com/bid/4568
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (9)
- ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc (nvd; Patch, Vendor Advisory)
- online.securityfocus.com/archive/1/268970 (nvd; Exploit, Patch, Vendor Advisory)
- www.securityfocus.com/bid/4568 (nvd; Exploit, Patch, Vendor Advisory)
- www.kb.cert.org/vuls/id/809347 (nvd; US Government Resource)
- archives.neohapsis.com/archives/vulnwatch/2002-q2/0033.html (nvd)
- online.securityfocus.com/archive/1/269102 (nvd)
- www.ciac.org/ciac/bulletins/m-072.shtml (nvd)
- www.iss.net/security_center/static/8920.php (nvd)
- www.osvdb.org/6095 (nvd)