CVE-2010-4210
HIGH
FreeBSD 7.x < 7.3-RELEASE and 8.x < 8.0-RC1 - DoS and Memory Overwrite via pfs_getextattr
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2010-4210. PoCs published by Babcia Padlina.
AI-analyzed exploit summary
This exploit leverages a null pointer dereference in FreeBSD's pseudofs to overwrite the syscall table and execute arbitrary kernel code, achieving local privilege escalation to root. It uses the extattr_get_link function to trigger the vulnerability and injects shellcode to modify thread credentials.
Description
The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locked, which allows local users to cause a denial of service (kernel panic), overwrite arbitrary memory locations, and possibly execute arbitrary code via vectors related to opening a file on a file system that uses pseudofs.
Exploits (1)
References (6)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H