CVE-2010-2693

FreeBSD 7.1-8.1-PRERELEASE - Denial of Service and Privilege Escalation via sendfile System Call

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2693. PoCs published by kingcope.

AI-analyzed exploit summary This exploit leverages a FreeBSD sendfile cache vulnerability (CVE-2010-2693) to achieve local privilege escalation by injecting shellcode into /bin/sh, which then spawns a root shell via /tmp/sh. The exploit supports both i386 and amd64 architectures.

Description

FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call.

Exploits (1)

exploitdb WORKING POC VERIFIED

by kingcope · clocalfreebsd

https://www.exploit-db.com/exploits/14688

View Code ZIP pw:eip

This exploit leverages a FreeBSD sendfile cache vulnerability (CVE-2010-2693) to achieve local privilege escalation by injecting shellcode into /bin/sh, which then spawns a root shell via /tmp/sh. The exploit supports both i386 and amd64 architectures.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: FreeBSD 7.* and 8.* prior to July 12, 2010

No auth needed

Prerequisites: Local access to a vulnerable FreeBSD system · Ability to compile and execute the exploit binary · Network connectivity to localhost on port 7030

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →