CVE-2004-0114 - Privilege Escalation vulnerability in BSD Kernel SHMAT System Call

CVSS 4.6 - MEDIUM
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: local, low complexity, freebsd, netbsd, openbsd, nessus, exploit available

Summary

The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.

Exploit-Db

description: BSD Kernel SHMAT System Call Privilege Escalation Vulnerability. CVE-2004-0114. Local exploit for bsd platform
id: EDB-ID:23655
last seen: 2016-02-02
modified: 2004-02-05
published: 2004-02-05
reporter: Joost Pol
source: https://www.exploit-db.com/download/23655/
title: BSD Kernel - SHMAT System Call Privilege Escalation Vulnerability

Nessus

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_SHMAT.NASL
description: The remote host is running a version of the FreeBSD kernel which may contain a programming error in the shmat(2) system call which can allow a local attacker to gain read or write access to a portion of the kernel memory, which in turn might be used to elevate his privileges or gain access to sensitive information.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 12614
published: 2004-07-06
reporter: This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/12614
title: FreeBSD : SA-04:02.shmat