CVE-2013-2171
FreeBSD 9 - Address Space Manipulation Privilege Escalation
Public Exploits: 2
Exploited in Wild: -
Descriptions
The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls.
Timeline
- 2013-02-19 CVE Reserved
- 2013-06-18 CVE Published
- 2013-06-21 First Exploit
- 2024-07-26 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
References (5)
URL | Tag | Source |
---|---|---|
http://svnweb.freebsd.org/base?view=revision&revision=251901 | X_refsource_confirm | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/26454 | 2013-06-26 | |
https://www.exploit-db.com/exploits/26368 | 2013-06-21 | |

URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2013/dsa-2714 | 2019-03-18 | |
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:06.mmap.asc | 2019-03-18 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Freebsd | Freebsd | 9.0 | - | Affected |
Freebsd | Freebsd | 9.1 | - | Affected |
Freebsd | Freebsd | 9.1 | p4 | Affected |