Friday, December 04, 2009

FreeBSD 8.0/7.1 local root issue

There is a new local root bug in FreeBSD. This bug was discovered and exploited by Nikolaos Rangos, also known as Kingcope.

There is an unbelievably simple local r00t bug in recent FreeBSD versions.

The bug resides in the Run-Time Link-Editor (rtld).
Normally rtld does not allow dangerous environment variables like
to be set when executing setugid binaries like "ping" or "su".
With a rather simple technique rtld can be tricked into
accepting LD variables even on setugid binaries.
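
As a defensive illustration of the protection described above (an added example, not code from the advisory or from FreeBSD's rtld): a privileged launcher can build a fresh environment that omits every `LD_` entry instead of trusting in-place removal to succeed. The function names and the sample environment are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if the entry must not reach a setugid program's loader. */
static int is_unsafe_entry(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)          /* not a NAME=value pair */
        return 1;
    return strncmp(entry, "LD_", 3) == 0;   /* run-time linker variables */
}

/*
 * Build a new NULL-terminated environment without unsafe entries.
 * Returns NULL on allocation failure so the caller can fail closed.
 * Strings are shared with the input; only the pointer array is new.
 */
char **scrub_env(char *const envp[], size_t *dropped)
{
    size_t n = 0, kept = 0;
    *dropped = 0;
    while (envp[n] != NULL)
        n++;
    char **clean = calloc(n + 1, sizeof *clean);
    if (clean == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        if (is_unsafe_entry(envp[i]))
            (*dropped)++;
        else
            clean[kept++] = envp[i];
    }
    clean[kept] = NULL;
    return clean;
}

int main(void)
{
    /* Constructed sample environment, not taken from the advisory. */
    char *sample[] = { "PATH=/bin", "LD_PRELOAD=/tmp/x.so", "HOME=/root",
                       "garbage", "LD_LIBRARY_PATH=/tmp", NULL };
    size_t dropped;
    char **clean = scrub_env(sample, &dropped);
    if (clean == NULL)
        return 1;                           /* fail closed: do not exec */
    for (size_t i = 0; clean[i] != NULL; i++)
        puts(clean[i]);
    printf("dropped %zu entries\n", dropped);
    free(clean);
    return 0;
}
```

The scrubbed array is what would be handed to `execve()`; if `scrub_env()` returns NULL the launcher should exit rather than run the target with the original environment.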

Please read this advisory for more details:

Greetings, bro Izhar.. the same thing also happens when using "man" on macOSx.. I once ran into you at the nasi kandar place in Penang with Iwan the other day.. remember?