CVE-2002-1125

FreeBSD <= 4.6.2-RELEASE - Kernel Memory Exposure via libkvm File Descriptor Leak

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2002-1125. PoCs published by badc0ded.

AI-analyzed exploit summary This exploit leverages BubbleMon's file descriptor leakage vulnerability to disclose kernel memory by executing a malicious command that inherits open file descriptors for /dev/mem and /dev/kmem.

Description

FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory.

Exploits (4)

exploitdb WORKING POC VERIFIED
by badc0ded · textlocalunix
https://www.exploit-db.com/exploits/21796

This exploit leverages BubbleMon's file descriptor leakage vulnerability to disclose kernel memory by executing a malicious command that inherits open file descriptors for /dev/mem and /dev/kmem.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: BubbleMon (version not specified)
No auth needed
Prerequisites: BubbleMon installed and running on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by badc0ded · textlocalunix
https://www.exploit-db.com/exploits/21797

This exploit leverages ascpu's vulnerability to leak open file descriptors, allowing attackers to inherit access to /dev/mem and /dev/kmem by executing a malicious command. The PoC uses lsof to identify the leaked descriptors, confirming the information disclosure.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: ascpu (version not specified)
No auth needed
Prerequisites: ascpu installed on the target system · ability to execute commands via ascpu
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by badc0ded · textlocalfreebsd
https://www.exploit-db.com/exploits/21799

This exploit demonstrates a file descriptor leakage vulnerability in wmnet2, allowing attackers to inherit open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through wmnet2. The PoC uses lsof to confirm the exposure of kernel memory access.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: wmnet2
No auth needed
Prerequisites: wmnet2 installed and executable · access to execute wmnet2 with the -e option
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by badc0ded · textlocalfreebsd
https://www.exploit-db.com/exploits/21798

The exploit demonstrates a file descriptor leakage vulnerability in wmmon, allowing an attacker to inherit open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through wmmon. This can lead to unauthorized disclosure of kernel memory.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: wmmon (version not specified)
No auth needed
Prerequisites: Access to execute wmmon · Ability to modify .wmmonrc file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=103228135413310&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5719
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5718
Various Sources vendor-advisory x_refsource_freebsd
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.asc
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5714
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10109.php
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5720
Third Party Advisory mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0115.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5716

Scores

EPSS 0.0079
EPSS Percentile 51.5%

Details

Status published
Products (5)
freebsd/freebsd 4.2
freebsd/freebsd 4.3
freebsd/freebsd 4.4
freebsd/freebsd 4.5
freebsd/freebsd 4.6
Published Sep 24, 2002
Tracked Since Feb 18, 2026