Re: FreeBSD bug grants local root access (FreeBSD 6.x)
- From: Xin LI <delphij@xxxxxxxxxxx>
- Date: Tue, 15 Sep 2009 17:02:15 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
utisoft@xxxxxxxxxxxxxx wrote:
It appears to only affect 6.x.... and requires local access. If an
attacker has local access to a machine you're screwed anyway.
'local' here means login as a local user, i.e. ssh/telnet/etc, not
console access which seems to be what you mean by 'local access'.
Note that, in order to successfully exploit this vulnerability, a remote
attacker still need someone or something to run the code on their
behalf, typically this would have to be used in conjunction with some
other remote vulnerability (i.e. some popular remote admin tool that
allows you to upload and run something on web server's context, etc).
We are still working on this one, it looks like that we would need to
patch some other problems altogether.
Cheers,
- --
Xin LI <delphij@xxxxxxxxxxx> http://www.delphij.net/
FreeBSD - The Power to Serve!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (FreeBSD)
iEYEARECAAYFAkqwKwcACgkQi+vbBBjt66BtawCgsDhrON8DzvX7A6M1O37A2Qw6
/54An0CAgPeTTJcJKcdkVWcF9qX0FVuY
=EeKO
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- References:
- Re: FreeBSD bug grants local root access (FreeBSD 6.x)
- From: utisoft
- Re: FreeBSD bug grants local root access (FreeBSD 6.x)
- Prev by Date: Re: FreeBSD bug grants local root access (FreeBSD 6.x)
- Next by Date: Re: FreeBSD bug grants local root access (FreeBSD 6.x)
- Previous by thread: Re: FreeBSD bug grants local root access (FreeBSD 6.x)
- Next by thread: Protecting against kernel NULL-pointer derefs
- Index(es):
Relevant Pages
|
