Add FreeBSD 8.3 / 9.0 Intel SYSRET Privilege Escalation module #11092
Add FreeBSD 9 Intel SYSRET Privilege Escalation module.
Lazy wrapper for
The payload isn't strictly required. The exploit upgrades the privileges of the current task, and by the time the payload executes we're already
Closer inspection reveals this exploit was likely stolen from @iZsh from fail0verflow. CurcolHekerLink's exploit was posted to EDB in 2013. iZsh's exploit and accompanying analysis is very similar and predates the exploit by about a year:
Unfortunately, the exploit is not licensed, and the copyright infringement punishment is undesirable:
// CVE-2012-0217 Intel sysret exploit -- iZsh (izsh at fail0verflow.com)
// Copyright 2012 all right reserved, not for commercial uses, bitches
// Infringement Punishment: Monkeys coming out of your ass Bruce Almighty style.
I would prefer to use the original work. I've updated the module in my local repo, and asked iZsh for permission to use the original exploit. Adding
The freebsd/local/intel_sysret_priv_esc exploit module has been added to the framework. This local privilege escalation exploit module targets a vulnerability in the FreeBSD kernel when running on 64-bit Intel processors, leveraging a mishandled edge case in the SYSRET instruction.