FreeBSD bug grants local root access (FreeBSD 6.x)
Xin LI
delphij at delphij.net
Wed Sep 16 00:02:28 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
utisoft at googlemail.com wrote:
> It appears to only affect 6.x.... and requires local access. If an
> attacker has local access to a machine you're screwed anyway.
'local' here means login as a local user, i.e. ssh/telnet/etc, not
console access which seems to be what you mean by 'local access'.
Note that, in order to successfully exploit this vulnerability, a remote
attacker still need someone or something to run the code on their
behalf, typically this would have to be used in conjunction with some
other remote vulnerability (i.e. some popular remote admin tool that
allows you to upload and run something on web server's context, etc).
We are still working on this one, it looks like that we would need to
patch some other problems altogether.
Cheers,
- --
Xin LI <delphij at delphij.net> http://www.delphij.net/
FreeBSD - The Power to Serve!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (FreeBSD)
iEYEARECAAYFAkqwKwcACgkQi+vbBBjt66BtawCgsDhrON8DzvX7A6M1O37A2Qw6
/54An0CAgPeTTJcJKcdkVWcF9qX0FVuY
=EeKO
-----END PGP SIGNATURE-----
More information about the freebsd-security
mailing list