Detections
Analytics

FreeBSD : FreeBSD -- Privilege escalation via mmap (abef280d-d829-11e2-b71c-8c705af55518)

medium Nessus Plugin ID 66919

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Due to insufficient permission checks in the virtual memory system, a tracing process (such as a debugger) may be able to modify portions of the traced process's address space to which the traced process itself does not have write access.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?2e47e853

Plugin Details

Severity: Medium

ID: 66919

File Name: freebsd_pkg_abef280dd82911e2b71c8c705af55518.nasl

Version: 1.14

Type: local

Published: 6/19/2013

Updated: 1/6/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 6

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/18/2013

Vulnerability Publication Date: 6/18/2013

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (FreeBSD 9 Address Space Manipulation Privilege Escalation)

Reference Information

CVE: CVE-2013-2171

BID: 60615

FreeBSD: SA-13:06.mmap