CVE-2002-1125
published 2002-09-24CVE-2002-1125: FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave…
PriorityP411low2.1CVSS 2.0
AVLACLAuNCPINAN
EXPLOIT
EPSS
0.79%
51.7th percentile
FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
BubbleMon 1.x Kernel - Memory File Descriptor Leakage
exploitdb·2002-09-16
CVE-2002-1125 BubbleMon 1.x Kernel - Memory File Descriptor Leakage
BubbleMon 1.x Kernel - Memory File Descriptor Leakage
---
source: https://www.securityfocus.com/bid/5714/info
It has been reported that BubbleMon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through BubbleMon. The program that is executed can be specified by the attacker at the command line.
bubblemon "dummy&/usr/local/sbin/lsof|grep dummy|grep mem"
Exploit-DB
WMNet2 1.0 6 - Kernel Memory File Descriptor Leakage
exploitdb·2002-09-16
CVE-2002-1125 WMNet2 1.0 6 - Kernel Memory File Descriptor Leakage
WMNet2 1.0 6 - Kernel Memory File Descriptor Leakage
---
source: https://www.securityfocus.com/bid/5719/info
It has been reported that wmnet2 is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through wmnet2. The program that is executed can be specified by the attacker at the command line.
bash-2.05a$ wmnet2 -e "dummy&/usr/local/sbin/lsof|grep
dummy|grep mem"
wmnet: using kmem driver to monitor ec0
dummy 584 dim 3r VCHR 2,0 0t0 21146 /dev/mem
dummy 584 dim 4r VCHR 2,1 0xc037cb8f 21145 /dev/kmem
Exploit-DB
WMMon 1.0 b2 - Memory Character File Open File Descriptor Read
exploitdb·2002-09-16
CVE-2002-1125 WMMon 1.0 b2 - Memory Character File Open File Descriptor Read
WMMon 1.0 b2 - Memory Character File Open File Descriptor Read
---
source: https://www.securityfocus.com/bid/5718/info
It has been reported that wmmon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through wmmon. The program that is executed can be specified by the attacker at the command line.
bash-2.05a$ cat .wmmonrc
left "/home/dim/dummy"
bash-2.05a$ wmmon &
[1] 793
bash-2.05a$ Monitoring 5 devices for activity.
current stat is :1
bash-2.05a$ /usr/local/sbin/lsof |grep dummy|grep mem
dummy 797 dim 3r VCHR 2,0 0t0 21146 /dev/mem
dummy 797 dim 4r VCHR 2,1 0xc040f54c 21145 /dev/kmem
Exploit-DB
ASCPU 0.60 Kernel - Memory File Descriptor Leakage
exploitdb·2002-09-16
CVE-2002-1125 ASCPU 0.60 Kernel - Memory File Descriptor Leakage
ASCPU 0.60 Kernel - Memory File Descriptor Leakage
---
source: https://www.securityfocus.com/bid/5716/info
It has been reported that ascpu is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through ascpu. The program that is executed can be specified by the attacker at the command line.
ascpu -exe "dummy&/usr/local/sbin/lsof|grep dummy|grep mem"
No writeups or analysis indexed.
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.aschttp://archives.neohapsis.com/archives/vulnwatch/2002-q3/0115.htmlhttp://marc.info/?l=bugtraq&m=103228135413310&w=2http://www.iss.net/security_center/static/10109.phphttp://www.securityfocus.com/bid/5714http://www.securityfocus.com/bid/5716http://www.securityfocus.com/bid/5718http://www.securityfocus.com/bid/5719http://www.securityfocus.com/bid/5720ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.aschttp://archives.neohapsis.com/archives/vulnwatch/2002-q3/0115.htmlhttp://marc.info/?l=bugtraq&m=103228135413310&w=2http://www.iss.net/security_center/static/10109.phphttp://www.securityfocus.com/bid/5714http://www.securityfocus.com/bid/5716http://www.securityfocus.com/bid/5718http://www.securityfocus.com/bid/5719http://www.securityfocus.com/bid/5720
2002-09-24
Published