CVE-2009-2793

NetBSD <5.0.1 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2793. PoCs published by Tavis Ormandy.

AI-analyzed exploit summary This exploit targets a local privilege escalation vulnerability in NetBSD by causing a kernel stack desynchronization. It uses signal handling and a NULL function pointer dereference to trigger the vulnerability.

Description

The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Tavis Ormandy · clocalbsd

https://www.exploit-db.com/exploits/33229

View Code ZIP pw:eip

This exploit targets a local privilege escalation vulnerability in NetBSD by causing a kernel stack desynchronization. It uses signal handling and a NULL function pointer dereference to trigger the vulnerability.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Theoretical

Target: NetBSD (version not specified)

No auth needed

Prerequisites: Local access to the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/506531/100/0/threaded

Scores

EPSS 0.0052

EPSS Percentile 39.7%

Details

CWE

CWE-264

Status published

Products (30)

netbsd/netbsd 0.8

netbsd/netbsd 0.9

netbsd/netbsd 1.0

netbsd/netbsd 1.1

netbsd/netbsd 1.2

netbsd/netbsd 1.2.1

netbsd/netbsd 1.3

netbsd/netbsd 1.3.1

netbsd/netbsd 1.3.2

netbsd/netbsd 1.3.3

... and 20 more

Published Sep 18, 2009

Tracked Since Feb 18, 2026