CVE-2013-2171

FreeBSD 9 Address Space Manipulation Privilege Escalation

Title source: metasploit

Description

The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalfreebsd

https://www.exploit-db.com/exploits/26454

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Hunger · clocalfreebsd

https://www.exploit-db.com/exploits/26368

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by 0xGabe · poc

https://github.com/0xGabe/FreeBSD-9.0-9.1-Privilege-Escalation

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by Konstantin Belousov, Alan Cox, Hunger, sinn3r · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/freebsd/local/mmap.rb

View Code ZIP pw:eip

References (3)

[Various Sources] http://svnweb.freebsd.org/base?view=revision&revision=251901

[Vendor Advisory] http://www.freebsd.org/security/advisories/FreeBSD-SA-13:06.mmap.asc

[Third Party Advisory] http://www.debian.org/security/2013/dsa-2714

Scores

EPSS 0.2417

EPSS Percentile 96.1%

Details

CWE

CWE-264

Status published

Products (2)

freebsd/freebsd 9.0

freebsd/freebsd 9.1 (2 CPE variants)

Published Jul 02, 2013

Tracked Since Feb 18, 2026