From owner-freebsd-security@FreeBSD.ORG Tue Dec 1 04:55:45 2009
Message-ID: <4B149B8A.80100@xzibition.com>
Date: Mon, 30 Nov 2009 22:28:58 -0600
From: Bryan Drewery
To: cperciva@freebsd.org
Cc: freebsd-security@freebsd.org
Subject: Re: Upcoming FreeBSD Security Advisory
In-Reply-To: <200912010120.nB11Koo2088364@freefall.freebsd.org>

Colin,

Thank you so much for alerting us and providing a temporary patch. I had a user attempt to use the public exploit today, but due to /tmp being noexec, it failed. Luckily I caught him before he modified the script to work, though.

Now I am patched and can sleep tonight :)

Thanks,
Bryan

FreeBSD Security Officer wrote:
> Hi all,
>
> A short time ago a "local root" exploit was posted to the full-disclosure
> mailing list; as the name suggests, this allows a local user to execute
> arbitrary code as root.
>
> Normally it is the policy of the FreeBSD Security Team to not publicly
> discuss security issues until an advisory is ready, but in this case
> since exploit code is already widely available I want to make a patch
> available ASAP. Due to the short timeline, it is possible that this
> patch will not be the final version which is provided when an advisory
> is sent out; it is even possible (although highly doubtful) that this
> patch does not fully fix the issue or introduces new issues -- in short,
> use at your own risk (even more than usual).
>
> The patch is at
> http://people.freebsd.org/~cperciva/rtld.patch
> and has SHA256 hash
> ffcba0c20335dd83e9ac0d0e920faf5b4aedf366ee5a41f548b95027e3b770c1
>
> I expect a full security advisory concerning this issue will go out on
> Wednesday December 2nd.
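A defender-side check for the two practical points in this thread, added here as an example and not part of either message: it verifies a downloaded rtld.patch against the SHA256 hash Colin posted, and reports whether a mount point (such as /tmp) carries the noexec option that stopped the attempt Bryan describes. It assumes sha256(1) or sha256sum(1) and mount(8) are available, and that the downloaded file is named rtld.patch in the current directory (an assumption, not stated in the thread).

```shell
#!/bin/sh
# Added example (not from the FreeBSD thread): verify the temporary patch's
# hash before applying it, and check a mount point for the noexec option.

# SHA256 hash of rtld.patch exactly as posted in the quoted message above.
RTLD_PATCH_SHA256="ffcba0c20335dd83e9ac0d0e920faf5b4aedf366ee5a41f548b95027e3b770c1"

# Print the SHA256 hex digest of a file. FreeBSD ships sha256(1); most Linux
# systems ship sha256sum(1); fall back to openssl(1) if neither is present.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 -r "$1" | cut -d' ' -f1
    fi
}

# Return 0 if the file's digest equals the expected hash (case-insensitive), else 1.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    actual=$(sha256_of "$file") || return 1
    [ "$actual" = "$expected" ]
}

# Read mount(8)-style lines on stdin; return 0 if the given mount point is
# listed with noexec. Field 3 is the mount point in both the Linux form
# "dev on /tmp type tmpfs (rw,noexec,...)" and the FreeBSD form
# "/dev/ada0p3 on /tmp (ufs, local, noexec, ...)".
noexec_in_mount_output() {
    awk -v mp="$1" '$3 == mp && $0 ~ /[(, ]noexec[,) ]/ { found = 1 }
                     END { exit (found ? 0 : 1) }'
}

# Check the live system's mount table for the given mount point.
mount_is_noexec() {
    mount 2>/dev/null | noexec_in_mount_output "$1"
}

# Usage: refuse to apply a patch whose hash does not match, then report /tmp.
if [ -f rtld.patch ]; then
    verify_sha256 rtld.patch "$RTLD_PATCH_SHA256" \
        && echo "rtld.patch: hash OK" \
        || echo "rtld.patch: HASH MISMATCH, do not apply"
fi
mount_is_noexec /tmp && echo "/tmp is mounted noexec" || echo "/tmp allows execution"
```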