Full Disclosure mailing list archives
Re: FreeBSD <= 6.1 kqueue() NULL pointer dereference
From: Przemyslaw Frasunek <venglin () freebsd lublin pl>
Date: Sun, 13 Sep 2009 10:49:33 +0200
Przemyslaw Frasunek pisze:
FreeBSD <= 6.1 suffers from classical check/use race condition on SMP
There is yet another kqueue related vulnerability. It affects 6.x, up to 6.4-STABLE. FreeBSD security team was notified on 29th Aug, but there is no response until now, so I won't publish any details. Sucessful exploitation yields local root and allows to exit from jail. For now, you can see demo on: http://www.vimeo.com/6554787 -- * Fido: 2:480/124 ** WWW: http://www.frasunek.com ** NICHDL: PMF9-RIPE * * Jabber ID: venglin () czuby pl ** PGP ID: 2578FCAD ** HAM-RADIO: SQ5JIV * _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: FreeBSD <= 6.1 kqueue() NULL pointer dereference Przemyslaw Frasunek (Sep 13)