CVE-2013-2171

EPSS 6.9%

The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls.

Affected products

n/a · n/a

public PoCs found — 3

githubgithub.com/0xGabe/FreeBSD-9.0-9.1-Privilege-Escalation★ 1 exploitdbwww.exploit-db.com/exploits/26454unverified exploitdbwww.exploit-db.com/exploits/26368unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://svnweb.freebsd.org/base?view=revision&revision=251901 http://www.debian.org/security/2013/dsa-2714 http://www.freebsd.org/security/advisories/FreeBSD-SA-13:06.mmap.asc