Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2012

Description

The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.

Affected products

Niels/Provos Systrace5 versions
cpe:2.3:a:niels:provos_systrace:1.1:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:niels:provos_systrace:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:niels:provos_systrace:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:niels:provos_systrace:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:niels:provos_systrace:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:niels:provos_systrace:1.5:*:*:*:*:*:*:*
Vladimir Kotal/Systrace Port For Freebsd2 versions
cpe:2.3:a:vladimir_kotal:systrace_port_for_freebsd:2004-03-09:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:vladimir_kotal:systrace_port_for_freebsd:2004-03-09:*:*:*:*:*:*:*
- cpe:2.3:a:vladimir_kotal:systrace_port_for_freebsd:2004-06-02:*:*:*:*:*:*:*
NetBSD/NetBSD
cpe:2.3:o:netbsd:netbsd:2.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000