Topic: Spurious mutex unlock
Category: core
Module: pseudofs
Announced: 2010-11-10
Credits: Przemyslaw Frasunek
Affects: FreeBSD 7.x prior to 7.3-RELEASE, 8.x prior to 8.0-RC1
Corrected:      2009-09-05 13:10:54 UTC (RELENG_8, 8.0-RC1)
                2009-09-05 13:31:16 UTC (RELENG_7, 7.2-STABLE)
                2010-11-10 23:36:13 UTC (RELENG_7_1, 7.1-RELEASE-p15)
CVE Name: CVE-2010-4210
Topic: Devfs / VFS NULL pointer race condition
Category: core
Module: kern
Announced: 2009-10-02
Credits: Przemyslaw Frasunek
Affects: FreeBSD 6.x and 7.x
Corrected:      2009-05-18 10:41:59 UTC (RELENG_7, 7.2-STABLE)
                2009-10-02 18:09:56 UTC (RELENG_7_2, 7.2-RELEASE-p4)
                2009-10-02 18:09:56 UTC (RELENG_7_1, 7.1-RELEASE-p8)
                2009-10-02 18:09:56 UTC (RELENG_6, 6.4-STABLE)
/*
 * exploit for x86_64 linux kernel ia32syscall emulation
 * bug, discovered by Wojciech Purczynski <cliph@isec.pl>
*
* by
* Robert Swiecki <robert@swiecki.net>
* Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
* Pawel Pisarczyk <pawel@immos.com.pl>
* of ATM-Lab http://www.atm-lab.pl
*/
#include <sys/types.h>
Przemyslaw Frasunek writes:
> FreeBSD <= 6.1 suffers from classical check/use race condition on SMP
There is yet another kqueue related vulnerability. It affects 6.x, up to
6.4-STABLE. The FreeBSD security team was notified on 29th Aug, but there has been no
response so far, so I won't publish any details.
Successful exploitation yields local root and allows escaping from jail. For now,
you can see a demo on:
Topic: kqueue pipe race conditions
Category: core
Module: kern
Announced: 2009-10-02
Credits: Przemyslaw Frasunek
Affects: FreeBSD 6.x
Corrected:      2009-10-02 18:09:56 UTC (RELENG_6, 6.4-STABLE)
                2009-10-02 18:09:56 UTC (RELENG_6_4, 6.4-RELEASE-p7)
                2009-10-02 18:09:56 UTC (RELENG_6_3, 6.3-RELEASE-p13)
* Gynvael Coldwind
* Claudio Criscione
* Bernardo Damele
* Nick DePetrillo
* Leonardo NVE Egea
* Przemysław Frasunek
* Sandro Gauci
* Brad ‘RenderMan’ Haines
* Mario Heiderich
* Nadia Heninger
* Gareth Heyes