Feeds

FreeBSD bug gives untrusted root access

'Unbelievably simple' exploit

Remote control for virtualized desktops

A security bug in the latest version of FreeBSD can be exploited to grant unprivileged users complete control over the operating system, a German researcher said Monday.

The flaw is present in FreeBSD 8.0 and is known to affect versions 7.1 and 7.2 of the open-source OS, Nikolaos Rangos told The Register. He said it was "unbelievably simple" to exploit. Shortly after he disclosed the flaw on the Full Disclosure mailing list, other researchers said they were able to confirm the bug.

FreeBSD Security Officer Colin Percival said the Full Disclosure post was the first his team had heard of the reported vulnerability. The team is currently investigating.

The bug resides in FreeBSD's run-time link editor. A binary run by an unprivileged user can be executed with administrative privileges in a restricted environment, Rangos said. That allows the user to obtain root access to the system. All that's required to run the exploit code, which Rangos included in his post, is a command shell.

To exploit the bug, hackers would need local access to the vulnerable machine. To use the attack code remotely, it's conceivable it could be used in concert with another vulnerability, such as one residing in a web application running on the box.

Rangos speculated a fix would be coming shortly.

"The bug is in the most recent versions of FreeBSD and normally local root vulnerabilities are quickly patched by the FreeBSD maintainers," he said. ®

Update

FreeBSD's Percival has issued an advisory here. It includes a patch that he says may or may not be final. He writes: "It is even possible (although highly doubtful) that this patch does not fully fix the issue or introduces new issues -- in short, use at your own risk (even more than usual)."

Remote control for virtualized desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.