Exploit published for FreeBSD local root vulnerability

[Anonymous]

http://blogs.zdnet.com/security/?p=5010
The article says "It affects FreeBSD versions 7.1 and 8.0."
I'm running 7.2, does that mean I'm not affected by this?

 

[Voltar]

http://blogs.zdnet.com/security/?p=5010
The article says "It affects FreeBSD versions 7.1 and 8.0."
I'm running 7.2, does that mean I'm not affected by this?

It works on my home fileserver, FreeBSD 7.2-STABLE last updated/compiled 17-Nov.

 

[pprocacci]

I've tested, version 4.9, 4.11, 6.4, 7.0, 7.1, 7.2, 8.0. All -REALEASE. Of them only 7.x and 8.0 are affected.

 

[CodeBlock]

Oh wow interesting. Is the patch in 8.0-STABLE yet? Or has the sec. advisory been announced yet? This is interesting/bad.

 

[jrick]

Oh wow interesting. Is the patch in 8.0-STABLE yet? Or has the sec. advisory been announced yet? This is interesting/bad.

Yeah, it's in 8-STABLE. I rebuilt a few hours ago, and the exploit doesn't seem to work anymore.

 

[respite]

Wow. Seems the exploit was found by kingcope. That guy has released a lot of interesting work.

 

[quakerdoomer]

Runs successfully on 8.0 RC1.
**************************************************
**** DOES NOT AFFECT FreeBSD 8.0-CURRENT-200902 ****
**************************************************
Request everyone to check if they have 8.0's Pre Releases.
Would be intersting to check the pre-release source (/usr/src/libexec/rtld-elf/rtld.c) with the
temporary patch provided.

Since /sbin/ping has been execl-ed in the code, on exitting the root shell it (echoes out) teaches the usage of ping to the exploiter

 

[SirDice]

Since /sbin/ping has been execl-ed in the code, on exitting the root shell it (echoes out) teaches the usage of ping to the exploiter

Yes, but do note it's not ping that's the problem. Any suid root program could be used for this.