I found this article by browsing the web.
In August, an update to FreeBSD was released to address a time-of-check to time-of-use (TOCTOU) bug that could be exploited by an unprivileged malicious userspace program for privilege escalation. This vulnerability was reported to the ZDI program by a researcher who goes by the name m00nbsd. He has graciously provided this write-up and proof-of-concept code detailing ZDI-20-949/CVE-2020-7460.
The goal is to achieve kernel code execution on FreeBSD starting from an unprivileged user, using a TOCTOU vulnerability present in the 32-bit sendmsg() system call. This vulnerability has been assigned CVE-2020-7460 and affects all FreeBSD kernels since 2014. Before we get into the details, here’s a quick video showing the exploit in action.
Source.