Description:
Przemyslaw Frasunek, an independent security researcher from Poland, has just posted a local root exploit for FreeBSD. Although he has not made the exploit code public or divulged enough information to recreate it independently, he has revealed that the bug is in FreeBSD's kqueue notification interface.
The bug currently affects FreeBSD versions 6.0 through 6.4, which are reportedly still widely deployed. The good news is that versions 7.1 and above are not vulnerable, so upgrading the OS should fix the problem. It is important to note that anyone exploiting the bug must first have local access to a vulnerable system, either as a legitimate user or by exploiting some other flaw (say, a vulnerable PHP script) that gives an attacker a toehold into the targeted system. The bug is the result of a race condition in the FreeBSD kqueue code that leads to a NULL pointer dereference in kernel mode. Attackers can cause vulnerable systems to run malware by placing the code in a memory page mapped at address 0x0.
Currently, as of this writing on 16 September 2009, no patches have been made available. We will update this post once more information is released by the researcher.
Thanks to Netinfinity for referring this video to SecurityTube and to Przemyslaw Frasunek for posting it on Vimeo.
Tags: fun
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.