FreeBSD 6.4 pipeclose()/knlist_cleardel() race condition exploit
From: Przemyslaw Frasunek <venglin freebsd lublin pl>
To: full-disclosure lists grok org uk, bugtraq securityfocus com
Subject: FreeBSD 6.4 pipeclose()/knlist_cleardel() race condition exploit
Date: Thu - Oct 08, 2009 07:05 AM

FreeBSD 6.4 and below are vulnerable to a race condition between pipeclose() and
knlist_cleardel() resulting in a NULL pointer dereference. The following code
exploits the vulnerability to run code in kernel mode, giving a root shell and
escaping from jail.

http://www.frasunek.com/pipe.txt

The bug was fixed a week ago and an official security advisory was issued:

http://security.freebsd.org/advisories/FreeBSD-SA-09:13.pipe.asc

--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com ** NICHDL: PMF9-RIPE *
* Jabber ID: venglin@czuby.pl ** PGP ID: 2578FCAD ** HAM-RADIO: SQ5JIV *