CVE-2009-3527

Freebsd - Race Condition

Title source: rule

Description

Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a denial of service (crash) or gain privileges via vectors related to kqueues, which triggers a use after free, leading to a NULL pointer dereference or memory corruption.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Przemyslaw Frasunek · clocalfreebsd

https://www.exploit-db.com/exploits/9859

View Code ZIP pw:eip

References (5)

[Patch] http://security.freebsd.org/advisories/FreeBSD-SA-09:13.pipe.asc

[Exploit] http://www.securityfocus.com/archive/1/506449

[Patch] http://www.securityfocus.com/bid/36375

[Patch] http://www.securitytracker.com/id?1022982

[Third Party Advisory, VDB Entry] http://osvdb.org/58544

Scores

EPSS 0.0028

EPSS Percentile 51.5%

Details

CWE

CWE-362

Status published

Products (2)

freebsd/freebsd 6.3

freebsd/freebsd 6.4

Published Oct 06, 2009

Tracked Since Feb 18, 2026