CVE-2007-0085

OpenBSD 3.9-4.0 - Local Privilege Escalation via VGA PCI Driver NULL Pointer Dereference

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0085. PoCs published by Critical Security.

AI-analyzed exploit summary This exploit targets a vulnerability in OpenBSD's vga_ioctl() function (CVE-2007-0085) to achieve local privilege escalation. It uses a crafted shellcode to overwrite kernel credentials and spawn a root shell.

Description

Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Critical Security · clocalbsd

https://www.exploit-db.com/exploits/3094

View Code ZIP pw:eip

This exploit targets a vulnerability in OpenBSD's vga_ioctl() function (CVE-2007-0085) to achieve local privilege escalation. It uses a crafted shellcode to overwrite kernel credentials and spawn a root shell.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: OpenBSD 3.x-4.0

No auth needed

Prerequisites: Local access to the target system · Vulnerable OpenBSD version (3.x-4.0)

MITRE ATT&CK