freebsd bug !

gnumac · Dec 3, 2009

The office notify is too late, i lost my freebsd host !
look at the picture, that is the shell script, which will get the root account of your freebsd system.

gnumac · Dec 3, 2009

SirDice · Dec 3, 2009

http://forums.freebsd.org/showthread.php?t=8918
http://forums.freebsd.org/showthread.php?t=8883

Fix: http://security.freebsd.org/advisories/FreeBSD-SA-09:16.rtld.asc

vivek · Dec 3, 2009

Also, this is local and not remote one. Another good reason not to give user shell access until and unless they have rock solid requirements.

YMMV.

SirDice · Dec 3, 2009

vivek said:
Also, this is local and not remote one. Another good reason not to give user shell access until and unless they have rock solid requirements.

It can be used remote. If you're also running a vulnerable web application that allows command injection. Sure fire way of getting your box pwned.

DutchDaemon · Dec 3, 2009

Search the forums next time ...

freebsd bug !

gnumac

gnumac

SirDice

Administrator

vivek

SirDice

Administrator

DutchDaemon

Administrator