Privilege Escalation via Incomplete Privilege Drop in tcptraceroute 1.4 and Earlier

Privilege Escalation via Incomplete Privilege Drop in tcptraceroute 1.4 and Earlier

CVE-2003-0489 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute.

Learn more about our User Device Pen Test.