vulnerability

FreeBSD: VID-49c35943-0eeb-421c-af4f-78e04582e5fb (CVE-2021-41387): seatd-launch -- privilege escalation with SUID

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:S/C:C/I:C/A:C)	Sep 16, 2021	Nov 4, 2022	Mar 25, 2026

Severity

CVSS

(AV:N/AC:M/Au:S/C:C/I:C/A:C)

Published

Sep 16, 2021

Added

Nov 4, 2022

Modified

Mar 25, 2026

Description

Kenny Levinsen reports: seatd-launch used execlp, which reads the PATH environment variable to search for the requested executable, to execute seatd. This meant that the caller could freely control what executable was loaded by adding a user-writable directory to PATH. If seatd-launch had the SUID bit set, this could be used by a malicious user with the ability to execute seatd-launch to mount a privilege escalation attack to the owner of seatd-launch, which is likely root.

Solution

freebsd-upgrade-package-seatd

References

CVE-2021-41387
https://attackerkb.com/topics/CVE-2021-41387
CWE-426
EUVD-EUVD-2021-28415
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-28415

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today