# freebsd bug !



## gnumac (Dec 3, 2009)

The office notify is too late, i lost my freebsd host !
look at the picture, that is the shell script, which will get the root account of your freebsd system.


----------



## gnumac (Dec 3, 2009)




----------



## SirDice (Dec 3, 2009)

http://forums.freebsd.org/showthread.php?t=8918
http://forums.freebsd.org/showthread.php?t=8883

Fix: http://security.freebsd.org/advisories/FreeBSD-SA-09:16.rtld.asc


----------



## vivek (Dec 3, 2009)

Also, this is local and not remote one. Another good  reason  not to give user shell access until and unless they have rock solid requirements.

YMMV.


----------



## SirDice (Dec 3, 2009)

vivek said:
			
		

> Also, this is local and not remote one. Another good  reason  not to give user shell access until and unless they have rock solid requirements.


It can be used remote. If you're also running a vulnerable web application that allows command injection. Sure fire way of getting your box pwned.


----------



## DutchDaemon (Dec 3, 2009)

Search the forums next time ...


----------

