libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-09-01T04:00:00

Updated: 2024-08-08T04:44:06.589Z

Reserved: 2002-01-31T00:00:00

Link: CVE-2001-1029

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2001-09-20T04:00:00.000

Modified: 2024-11-20T23:36:42.207

Link: CVE-2001-1029

cve-icon Redhat

No data.