CVE-2004-0114 - Privilege Escalation vulnerability in BSD Kernel SHMAT System Call
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.
Exploit-Db
description | BSD Kernel SHMAT System Call Privilege Escalation Vulnerability. CVE-2004-0114. Local exploit for bsd platform |
id | EDB-ID:23655 |
last seen | 2016-02-02 |
modified | 2004-02-05 |
published | 2004-02-05 |
reporter | Joost Pol |
source | https://www.exploit-db.com/download/23655/ |
title | BSD Kernel - SHMAT System Call Privilege Escalation Vulnerability |
Nessus
NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_SHMAT.NASL |
description | The remote host is running a version of the FreeBSD kernel which may contain a programming error in the shmat(2) system call which can let a local attacker gain read or write access to a portion of the kernel memory, which in turn might be used to elevate his privileges or gain access to sensitive information. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 12614 |
published | 2004-07-06 |
reporter | This script is Copyright (C) 2004-2011 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/12614 |
title | FreeBSD : SA-04:02.shmat |
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-004.txt.asc
- http://marc.info/?l=bugtraq&m=107608375207601&w=2
- http://www.openbsd.org/errata33.html#sysvshm
- http://www.osvdb.org/3836
- http://www.pine.nl/press/pine-cert-20040201.txt
- http://www.securityfocus.com/bid/9586
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15061