FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation

This Metasploit module exploits a race and use-after-free vulnerability in the FreeBSD kernel IPv6 socket handling. A missing synchronization lock in the IPV6_2292PKTOPTIONS option handling in setsockopt permits racing ip6_setpktopt access to a freed ip6_pktopts struct. This exploit overwrites the ip6po_pktinfo pointer of an ip6_pktopts struct in freed memory to achieve arbitrary kernel read/write.
