# Exploit published for FreeBSD local root vulnerability



## Anonymous (Dec 1, 2009)

http://blogs.zdnet.com/security/?p=5010
The article says "It affects FreeBSD versions 7.1 and 8.0."
I'm running 7.2, does that mean I'm not affected by this?


----------



## Voltar (Dec 1, 2009)

mharvey87 said:

> http://blogs.zdnet.com/security/?p=5010
> The article says "It affects FreeBSD versions 7.1 and 8.0."
> I'm running 7.2, does that mean I'm not affected by this?



It works on my home fileserver, FreeBSD 7.2-STABLE last updated/compiled 17-Nov.


----------



## pprocacci (Dec 2, 2009)

I've tested versions 4.9, 4.11, 6.4, 7.0, 7.1, 7.2, 8.0.  All -RELEASE.  Of them, only 7.x and 8.0 are affected.


----------



## CodeBlock (Dec 2, 2009)

Oh wow interesting. Is the patch in 8.0-STABLE yet? Or has the sec. advisory been announced yet? This is interesting/bad.


----------



## jrick (Dec 2, 2009)

CodeBlock said:

> Oh wow interesting. Is the patch in 8.0-STABLE yet? Or has the sec. advisory been announced yet? This is interesting/bad.



Yeah, it's in 8-STABLE. I rebuilt a few hours ago, and the exploit doesn't seem to work anymore.


----------



## respite (Dec 2, 2009)

Wow. Seems the exploit was found by kingcope. That guy has released a lot of interesting work.


----------



## quakerdoomer (Dec 2, 2009)

Runs successfully on 8.0 RC1.
**************************************************
  **** DOES NOT AFFECT FreeBSD 8.0-CURRENT-200902 ****
**************************************************
Request everyone to check if they have 8.0's Pre Releases.
Would be interesting to check the pre-release source (/usr/src/libexec/rtld-elf/rtld.c) with the temporary patch provided.

Since /sbin/ping has been execl-ed in the code, on exiting the root shell it (echoes out) teaches the usage of ping to the exploiter.


----------



## SirDice (Dec 2, 2009)

quakerdoomer said:

> Since /sbin/ping has been execl-ed in the code, on exiting the root shell it (echoes out) teaches the usage of ping to the exploiter.


Yes, but do note it's not ping that's the problem. _Any_ suid root program could be used for this.


----------

