Computer Security
[EN] securityvulns.ru no-pyccku


FreeBSD mmap+ptrace vulnerability
Published:01.07.2013
Source:
SecurityVulns ID:13145
Type:local
Threat Level:
7/10
Description:It's possible to modify mmap memory mapped files via ptrace.
Affected:FREEBSD : FreeBSD 9.1
CVE:CVE-2013-2171 (The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls.)
Original documentdocumentHunger, Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :) (01.07.2013)
 documentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-13:06.mmap [REVISED] (01.07.2013)
Files:FreeBSD 9.{0,1} mmap/ptrace exploit

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod