Re: FreeBSD bug grants local root access (FreeBSD 6.x)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

utisoft@xxxxxxxxxxxxxx wrote:
It appears to only affect 6.x.... and requires local access. If an
attacker has local access to a machine you're screwed anyway.

'local' here means login as a local user, i.e. ssh/telnet/etc, not
console access which seems to be what you mean by 'local access'.

Note that, in order to successfully exploit this vulnerability, a remote
attacker still need someone or something to run the code on their
behalf, typically this would have to be used in conjunction with some
other remote vulnerability (i.e. some popular remote admin tool that
allows you to upload and run something on web server's context, etc).

We are still working on this one, it looks like that we would need to
patch some other problems altogether.

Cheers,
- --
Xin LI <delphij@xxxxxxxxxxx> http://www.delphij.net/
FreeBSD - The Power to Serve!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (FreeBSD)

iEYEARECAAYFAkqwKwcACgkQi+vbBBjt66BtawCgsDhrON8DzvX7A6M1O37A2Qw6
/54An0CAgPeTTJcJKcdkVWcF9qX0FVuY
=EeKO
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"



Relevant Pages

  • [UNIX] Cyboards Remote Code Execution and XSS
    ... /include directory which results in allowing an attacker to execute remote ... code on the server with web server's permission setting. ... Remote Arbitrary Code Execution: ...
    (Securiteam)
  • RE: On classifying attacks
    ... serious a particular vulnerability is based on how it is classified. ... grant the attacker the privileges of the system management account? ... Some are tempted to call this a remote exploit. ... The payload finds its way ...
    (Bugtraq)
  • Re: On classifying attacks
    ... if the attacker needs to be logged into an account on the machine being attacked then the vulnerability is local; if the attacker just has to be able to push bits to a port then it's remote. ... A client-side remote attack. ...
    (Bugtraq)
  • [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:23.openssl
    ... For general information regarding FreeBSD Security Advisories, ... FreeBSD includes software from the OpenSSL Project. ... A flaw in the DTLS SRTP extension parsing code allows an attacker, ... # fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch ...
    (freebsd-announce)
  • FreeBSD Security Advisory FreeBSD-SA-14:23.openssl
    ... For general information regarding FreeBSD Security Advisories, ... FreeBSD includes software from the OpenSSL Project. ... A flaw in the DTLS SRTP extension parsing code allows an attacker, ... # fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch ...
    (Bugtraq)