Vulnerability CVE-2013-2171


Published: 2013-07-01   Modified: 2013-07-02

Description:
The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls.

See advisories in our WLB2 database:
Topic
Author
Date
High
FreeBSD 9.1 mmap/ptrace exploit
Hunger
20.06.2013
High
FreeBSD 9.0+ Privilege Escalation Exploit
SynQ
24.06.2013
Med.
FreeBSD 9 Address Space Manipulation Privilege Escalation metasploit
sinn3r
26.06.2013

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.9/10
10/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Freebsd -> Freebsd 

 References:
http://svnweb.freebsd.org/base?view=revision&revision=251901
http://www.debian.org/security/2013/dsa-2714
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:06.mmap.asc

Copyright 2024, cxsecurity.com

 

Back to Top