[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4AACB21D.1020607@freebsd.lublin.pl>
Date: Sun, 13 Sep 2009 10:49:33 +0200
From: Przemyslaw Frasunek <venglin@...ebsd.lublin.pl>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: [Full-disclosure] FreeBSD <= 6.1 kqueue() NULL pointer dereference
Przemyslaw Frasunek pisze:
> FreeBSD <= 6.1 suffers from classical check/use race condition on SMP
There is yet another kqueue related vulnerability. It affects 6.x, up to
6.4-STABLE. FreeBSD security team was notified on 29th Aug, but there is no
response until now, so I won't publish any details.
Sucessful exploitation yields local root and allows to exit from jail. For now,
you can see demo on:
http://www.vimeo.com/6554787
--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com ** NICHDL: PMF9-RIPE *
* Jabber ID: venglin@...by.pl ** PGP ID: 2578FCAD ** HAM-RADIO: SQ5JIV *
Powered by blists - more mailing lists