Exploitation Summary
EIP tracks 1 public exploit for CVE-2016-1885. PoCs published by Core Security.
AI-analyzed exploit summary: This exploit demonstrates a heap overflow in the FreeBSD kernel due to an integer signedness error in the amd64_set_ldt function, allowing local unprivileged attackers to crash the system.
Description
Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow.
Scores
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H