Users of FreeBSD are being pushed to update their software as a 0day exploit has been surfaced. The exploit gives full root access on any vulnerable system. Also it should be noted that it is a local exploit and not something that can be triggered remotely. The flaw affects versions 8.0 and 7.1 of FreeBSD. A post on the full disclosure mailing list read:
The actual exploit can be taken here: http://seclists.org/fulldisclosure/2009/Nov/371
Note: The exploit's link is provided for testing/experimentation purposes and not for malicious purposes.
"The bug resides in the Run-Time Link-Editor (rtld). Normally rtld does not allow dangerous environment variables like LD_PRELOAD to be set when executing setugid binaries like “ping” or “su”. With a rather simple technique rtld can be tricked into accepting LD variables even on setugid binaries. See the attached exploit for details."A patch is available and can be taken here: http://people.freebsd.org/~cperciva/rtld.patch
The actual exploit can be taken here: http://seclists.org/fulldisclosure/2009/Nov/371
Note: The exploit's link is provided for testing/experimentation purposes and not for malicious purposes.
No comments:
Post a Comment