Thursday, December 3, 2009

0day FreeBSD Exploit in the wild!!!

Users of FreeBSD are being pushed to update their software as a 0day exploit has been surfaced. The exploit gives full root access on any vulnerable system. Also it should be noted that it is a local exploit and not something that can be triggered remotely. The flaw affects versions 8.0 and 7.1 of FreeBSD. A post on the full disclosure mailing list read:
"The bug resides in the Run-Time Link-Editor (rtld). Normally rtld does not allow dangerous environment variables like LD_PRELOAD to be set when executing setugid binaries like “ping” or “su”. With a rather simple technique rtld can be tricked into accepting LD variables even on setugid binaries. See the attached exploit for details."
A patch is available and can be taken here:

The actual exploit can be taken here:
Note: The exploit's link is provided for testing/experimentation purposes and not for malicious purposes.

No comments: