CVE-2002-1667 - The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the

CVE-2002-1667

Summary

The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags.

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:22.mmap.asc
https://exchange.xforce.ibmcloud.com/vulnerabilities/8921

Vulnerable Configurations

cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.5:stable:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.5:stable:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 11-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:P

refmap via4

freebsd	FreeBSD-SA-02:22
xf	freebsd-mmap-msync-dos(8921)

Last major update

11-07-2017 - 01:29

Published

31-12-2002 - 05:00

Last modified

11-07-2017 - 01:29