CVE-2004-0114

Severity

46%

Complexity

39%

Confidentiality

106%

The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.

The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 20 years ago

2004-03-03 05:00:00

Last updated 7 years ago

2017-10-10 01:30:00

Affected Software

FreeBSD

NetBSD

OpenBSD

References

FreeBSD-SA-04:02

Patch, Vendor Advisory

NetBSD-SA2004-004

20040205 [PINE-CERT-20040201] reference count overflow in shmat()

http://www.openbsd.org/errata33.html#sysvshm

3836

http://www.pine.nl/press/pine-cert-20040201.txt

9586

Patch, Vendor Advisory

bsd-shmat-gain-privileges(15061)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.