Metasploit modules that can be used to exploit Freebsd » Freebsd » 7.0

Order by Disclosure Date Module Name Module Type
  • FreeBSD Intel SYSRET Privilege Escalation
    Disclosure Date: 2012-06-12
    First seen: 2020-04-26
    exploit/freebsd/local/intel_sysret_priv_esc
    This module exploits a vulnerability in the FreeBSD kernel, when running on 64-bit Intel processors. By design, 64-bit processors following the X86-64 specification will trigger a general protection fault (GPF) when executing a SYSRET instruction with a non-canonical address in the RCX register. However, Intel processors check for a non-canonical address prior to dropping privileges, causing a GPF in privileged mode. As a result, the current userland RSP stack pointer is restored and executed, resulting in privileged code execution. This module has been tested successfully on: FreeBSD 8.3-RELEASE (amd64); and FreeBSD 9.0-RELEASE (amd64). Authors: - Rafal Wojtczuk - John Baldwin - iZsh - bcoles <bcoles@gmail.com>
1 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit metasploit web site for more details
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close