Unbelievably simple bug in FreeBSD which gives untrusted root access
December 2nd, 2009
2 comments
A security bug in the latest version of FreeBSD can be exploited to grant unprivileged users complete control over the operating system, a German researcher said Monday. The exploit was discovered and exploited by Nikolaos Rangos also known as Kingcope.
This was disclosed in the Full Disclosure Mailing List him. Shortly after this disclosure, other researchers said they were able to confirm the bug.
The bug resides in FreeBSD’s run-time link editor. A binary run by an unprivileged user can be executed with administrative privileges in a restricted environment.
A security advisory containing a “not fully developed” patch for this has been posted in FreeBSD mail Archive.
