Forgot your password?
typodupeerror
Security Unix BSD IT

Serious Remote FreeBSD Exploit Posted, Patched 7

Posted by timothy
from the wait-thought-you-said-openbsd dept.
Trailrunner7 writes "A researcher has published an explanation of a new flaw in FreeBSD that allows a remote attacker to take control of a vulnerable machine. The vulnerability could give an attacker root access to the FreeBSD machine, and the FreeBSD developers have published a patch for the flaw early Tuesday. The vulnerability lies in run-time link-editor and, if exploited, gives an attacker the ability to run arbitrary code. The researcher, Kingcope, has posted an explanation of the flaw on the Full Disclosure mailing list. In a message to FreeBSD users, Colin Percival, the project's security officer, said that because of the severity of the flaw and the fact that exploit code already is available, he felt it was necessary to post the patch as soon as possible, without even publishing a security advisory."
This discussion has been archived. No new comments can be posted.

Serious Remote FreeBSD Exploit Posted, Patched

Comments Filter:
  • ...and it seems simple enough. Kind of wonder why those env variables wouldn't be unset by default for everything, then set only on programs that should need root. Are those just inherited; do you still need root access to build the FreeBSD user-space? (I honestly don't know; haven't used FreeBSD since the abortion that was 5.x. NetBSD, which is what I use for BSD these days, you can build everything as a regular user.)

    • Re: (Score:3, Informative)

      by FrangoAssado (561740)

      Kind of wonder why those env variables wouldn't be unset by default for everything, then set only on programs that should need root.

      The environment is inherited *at run time*, not during compilation. And the problem was in the code that tried to unset these variables before loading the executable file: it was failing if the environment was corrupt. With the patch, it detects this and aborts.

  • FYI (Score:4, Informative)

    by revisionz (82265) on Tuesday December 01, 2009 @01:33PM (#30285360)

    Local attack only.

  • by Anonymous Coward

    The posters should RTFA before posting. It is a local exploit, and although serious, it can't be compared with a remote exploit.

  • It seems that it is.

    Come on, SlashDot younglings, ask what PiHex is/was and why?

The secret of success is sincerity. Once you can fake that, you've got it made. -- Jean Giraudoux

Working...