The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls.
Published 2013-07-02 03:43:34
Updated 2019-03-18 15:35:24
Source Red Hat, Inc.
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-2171

0.27%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 68 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2013-2171

  • FreeBSD 9 Address Space Manipulation Privilege Escalation
    Disclosure Date: 2013-06-18
    First seen: 2020-04-26
    exploit/freebsd/local/mmap
    This module exploits a vulnerability that can be used to modify portions of a process's address space, which may lead to privilege escalation. Systems such as FreeBSD 9.0 and 9.1 are known to be vulnerable. Authors: - Konstantin Belousov - Alan Cox - Hu

CVSS scores for CVE-2013-2171

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
6.9
MEDIUM AV:L/AC:M/Au:N/C:C/I:C/A:C
3.4
10.0
NIST

CWE ids for CVE-2013-2171

  • Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-2171

Products affected by CVE-2013-2171

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!