A security bug in the latest version of FreeBSD can be exploited to grant unprivileged users complete control over the operating system, a German researcher said Monday. The exploit was discovered and exploited by Nikolaos Rangos also known as Kingcope.
This was disclosed in the Full Disclosure Mailing List him. Shortly after this disclosure, other researchers said they were able to confirm the bug.
The bug resides in FreeBSD’s run-time link editor. A binary run by an unprivileged user can be executed with administrative privileges in a restricted environment.
A security advisory containing a “not fully developed” patch for this has been posted in FreeBSD mail Archive.
You can see it here.
Microsoft has come out in defense of the much-anticipated Windows 7 operating system after a number of blogs and other sources flaunted a discovered bug as a potential “show-stopper”. Some had reported that a bug with the operating system’s CHKDSK utility could delay the planned rollout, which is being watched closely as hopes are high of Windows 7 providing a much needed jab in the arm for the PC industry.
Since Microsoft is saying this, it may not be a “CRITICAL SHOW STOPPER” bug, but atleast we cannot use chkdsk /r in cmd. If we do most probably it will end up crashing the windows giving us the infamous Blue Screen of Death (BSOD).
Microsoft is denying that the bug is in the Windows software. Instead, Microsoft is pointing at a chipset controller issue as the culprit and advising customers to update their chipset drivers to the latest versions providing by the motherboard manufacturers.
Microsoft’s Windows division President Steven Sinofsky said that the company has not reproduced the crash or experienced any crashes with CHKDSK in any measurable number.
“While we appreciate the drama of ‘critical bug’ and then the pickup of ‘showstopper’ that I’ve seen, we might take a step back and realize that this might not have that defcon level, Bugs that are so severe as to require immediate patches and attention would have to have no workarounds and would generally be such that a large set of people would run across them in the normal course of using their PC.“
he said. Sinofsky went on to say that this is not a big issue but that Microsoft will continue to pursue and investigate any issues with Windows 7 if/as they arise.
