Re: FreeBSD bug grants local root access (FreeBSD 6.x)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

utisoft@xxxxxxxxxxxxxx wrote:
It appears to only affect 6.x.... and requires local access. If an
attacker has local access to a machine you're screwed anyway.

'local' here means login as a local user, i.e. ssh/telnet/etc, not
console access which seems to be what you mean by 'local access'.

Note that, in order to successfully exploit this vulnerability, a remote
attacker still need someone or something to run the code on their
behalf, typically this would have to be used in conjunction with some
other remote vulnerability (i.e. some popular remote admin tool that
allows you to upload and run something on web server's context, etc).

We are still working on this one, it looks like that we would need to
patch some other problems altogether.

Cheers,
- --
Xin LI <delphij@xxxxxxxxxxx> http://www.delphij.net/
FreeBSD - The Power to Serve!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (FreeBSD)

iEYEARECAAYFAkqwKwcACgkQi+vbBBjt66BtawCgsDhrON8DzvX7A6M1O37A2Qw6
/54An0CAgPeTTJcJKcdkVWcF9qX0FVuY
=EeKO
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"