Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 1 Dec 2009 09:01:08 +0000
From:      =?UTF-8?Q?Istv=C3=A1n?= <leccine@gmail.com>
To:        Bryan Drewery <bryan@xzibition.com>
Cc:        freebsd-security <freebsd-security@freebsd.org>, cperciva <cperciva@freebsd.org>
Subject:   Re: Upcoming FreeBSD Security Advisory
Message-ID:  <b8592ed80912010101m1e19df85vbb8e76471f102d6f@mail.gmail.com>
In-Reply-To: <4B149B8A.80100@xzibition.com>
References:  <200912010120.nB11Koo2088364@freefall.freebsd.org> <4B149B8A.80100@xzibition.com>

next in thread | previous in thread | raw e-mail | index | archive | help
yeah noexec /tmp is nice

cat /tmp/shellscript | bash

same with executables

It is good against level0 kiddies and bots

On Tue, Dec 1, 2009 at 4:28 AM, Bryan Drewery <bryan@xzibition.com> wrote:

> Colin,
>
> Thank you so much for alerting us and providing a temporary patch. I had
> a user attempt to use the public exploit today, but due to /tmp being
> noexec, it failed. Luckily I caught him before he modified the script to
> work though. Now I am patched and can sleep tonight :)
>
> Thanks,
> Bryan
>
> FreeBSD Security Officer wrote:
> > Hi all,
> >
> > A short time ago a "local root" exploit was posted to the full-disclosure
> > mailing list; as the name suggests, this allows a local user to execute
> > arbitrary code as root.
> >
> > Normally it is the policy of the FreeBSD Security Team to not publicly
> > discuss security issues until an advisory is ready, but in this case
> > since exploit code is already widely available I want to make a patch
> > available ASAP.  Due to the short timeline, it is possible that this
> > patch will not be the final version which is provided when an advisory
> > is sent out; it is even possible (although highly doubtful) that this
> > patch does not fully fix the issue or introduces new issues -- in short,
> > use at your own risk (even more than usual).
> >
> > The patch is at
> >   http://people.freebsd.org/~cperciva/rtld.patch
> > and has SHA256 hash
> >   ffcba0c20335dd83e9ac0d0e920faf5b4aedf366ee5a41f548b95027e3b770c1
> >
> > I expect a full security advisory concerning this issue will go out on
> > Wednesday December 2nd.
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org
> "
>



-- 
the sun shines for all

http://l1xl1x.blogspot.com



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b8592ed80912010101m1e19df85vbb8e76471f102d6f>