CVE DATABASE / CVE-2001-1029
CVE-2001-1029
CVSS 2.1 · LOW
Summary
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
CVSS 2.0 breakdown
| Base score | 2.1 (LOW) |
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Confidentiality | PARTIAL |
| Integrity | NONE |
| Availability | NONE |
Affected products
Openbsd opensshFreebsd freebsd
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html
- http://www.osvdb.org/6073
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8697
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.