FreeBSD bug grants local root access (FreeBSD 6.x)
Xin LI
delphij at delphij.net
Tue Sep 15 09:08:53 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
Frederique Rijsdijk wrote:
> Hi,
>
> Any info on this subject on
>
> http://www.theregister.co.uk/2009/09/14/freebsd_security_bug/
Currently we (secteam@) are testing the correction patch and do
peer-review on the security advisory draft, the bug was found and fixed
on -HEAD and 7-STABLE before 7.1-RELEASE during some stress test but was
not recognized as a security vulnerability at that time. The exploit
code has to be executed locally, i.e. either by an untrusted local user,
or be exploited in conjunction with some remote vulnerability on
applications that allow the attacker to inject their own code.
We can not release further details about the problem at this time,
though, but I think we will likely to publish the advisory and
correction patch this patch Wednesday.
Cheers,
- --
Xin LI <delphij at delphij.net> http://www.delphij.net/
FreeBSD - The Power to Serve!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (FreeBSD)
iEYEARECAAYFAkqvWZgACgkQi+vbBBjt66DAwACdHwj+VB8Ak0oRwhiH7X16+2Wl
nU0An2bMd4Y40DqCUJI+DEmNmozmm7fz
=+LtQ
-----END PGP SIGNATURE-----
More information about the freebsd-security
mailing list