lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4ACDF731.6090006@freebsd.lublin.pl>
Date: Thu, 08 Oct 2009 16:29:05 +0200
From: Przemyslaw Frasunek <venglin@...ebsd.lublin.pl>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: FreeBSD 6.4 pipeclose()/knlist_cleardel() race
	condition exploit

FreeBSD 6.4 and below are vulnerable to race condition between pipeclose() and
knlist_cleardel() resulting in NULL pointer dereference. The following code
exploits vulnerability to run code in kernel mode, giving root shell and
escaping from jail.

http://www.frasunek.com/pipe.txt

The bug was fixed a week ago and official security advisory was issued:

http://security.freebsd.org/advisories/FreeBSD-SA-09:13.pipe.asc

-- 
* Fido: 2:480/124 ** WWW: http://www.frasunek.com ** NICHDL: PMF9-RIPE *
* Jabber ID: venglin@...by.pl ** PGP ID: 2578FCAD ** HAM-RADIO: SQ5JIV *

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ