EIP-2026-103766

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103766. PoCs published by kingcope.

AI-analyzed exploit summary This is a technical writeup detailing a vulnerability in BSD's setusercontext() function, specifically how the LOGIN_SETRESOURCES option can be abused to bypass chroot restrictions and potentially leak sensitive information via core dumps. The author provides a detailed explanation of the attack vector, including proof-of-concept steps and potential for arbitrary code execution.

Description

BSD (Multiple Distributions) - 'setusercontext()' Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED

by kingcope · textlocalmultiple

https://www.exploit-db.com/exploits/9489

View Code ZIP pw:eip

This is a technical writeup detailing a vulnerability in BSD's setusercontext() function, specifically how the LOGIN_SETRESOURCES option can be abused to bypass chroot restrictions and potentially leak sensitive information via core dumps. The author provides a detailed explanation of the attack vector, including proof-of-concept steps and potential for arbitrary code execution.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Theoretical

Target: FreeBSD (5.0, 7.0) and other BSD-derived systems

Auth required

Prerequisites: Access to a user account with upload capabilities · Ability to modify ~/.login_conf · kern.sugid_coredump sysctl setting enabled for core dump exploitation

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1003 - OS Credential Dumping

devstral-2 · analyzed Feb 18, 2026 Full analysis →

BSD (Multiple Distributions) - 'setusercontext()' Multiple Vulnerabilities

Exploitation Summary

Description

Exploits (1)

Details