FreeBSD 7.2 local root vulnerability

[DutchDaemon]

Addition to http://forums.freebsd.org/showthread.php?t=7032

The root exploit appears to have spread to FreeBSD 7.2

http://www.vimeo.com/6580991

 

[CodeBlock]

That's bad - is it fixed in 8-BETA4?

 

[aragon]

Is the source for dupa.c available?

 

[Business_Woman]

ouch, i wonder if the person who wrote the bad code will get scolded.

 

[ale]

Is the source for dupa.c available?

dupa.c?
I've found something about Solaris 9/10.

Anyway, if we are talking about that exploit, the answer is yes.

 

[aragon]

So where does one get it? I want to see what they're exploiting. Or is it some big secret still?

 

[Alt]

kqueue bug

 

[Beastie]

Or is it some big secret still?

"will be disclosed after official advisory". I guess this applies to both 6.4 and 7.2.

All I could find was the Solaris 9/10 bug ale found, decade-old FreeBSD bugs and a recent kqueue() bug that affected 6.1 and below...

 

[ProFTP]

FreeBSD added:
/dev/pussy

 

[Lem0nHead]

I've patched now after the advisory
is there any kind of exploit or some test I can do to make sure I'm no longer affected?

 

[CodeBlock]

Is there something official saying it's patched? (Link?)

Anyway if it officially is, glad to hear it.

 

[Lem0nHead]

6.x
http://security.freebsd.org/advisories/FreeBSD-SA-09:13.pipe.asc

6.x and 7.x
http://security.freebsd.org/advisories/FreeBSD-SA-09:14.devfs.asc