LinuxSecurity.com 		Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: March 6th, 2010
Linux Advisory Watch: February 26th, 2010
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Root exploit for FreeBSD Print E-mail
User Rating:      How can I rate this item?
Source: H Security - Posted by Alex   
Server Security An exploit for FreeBSD is in circulation that allows users with restricted access to escalate their privileges to root level. The problem is caused by a flaw in the run-time link editor (rtld) which, in certain circumstances, accepts specially crafted environment variables. According to Kingcope, the developer of the exploit, the flaw is "incredibly easy" to exploit by, for example, setting a path to a specially crafted library for the LD_PRELOAD environment variable and then starting an SUID program like Ping. LD_PRELOAD instructs the loader to load additional libraries when starting a program – regardless of what was specified during compilation. The library will be executed at the same privilege level as the SUID program. As a consequence, SUID programs tend to ignore user-defined environment variables like LD_PRELOAD for security reasons.

An attacker could, for instance, exploit the hole to compromise an entire server via vulnerabilities in web applications which would normally run at a restricted privilege level. FreeBSD 8.0-RELEASE and FreeBSD 7.1-RELEASE are affected. FreeBSD 6.3-RELEASE and FreeBSD 4.9-RELEASE are not vulnerable.

Read this full article at H Security

Only registered users can write comments.
Please login or register.

Powered by AkoComment!
 
< Prev   Next >
    
Partner:

 
Latest Features
Introduction: Buffer Overflow Vulnerabilities
FTP Attack Case Study Part II: the Lessons
Network Security Audit (Part II)
Measuring Security IT Success
Buffer Overflow Basics
Network Intrusion Prevention Systems: When They're Valuable, and When They're Not
Hacks From Pax: Network Server Monitoring With Nmap
Yesterday's Edition
Noted cryptographer on SSL, encryption and cloud computing
Security industry faces attacks it cannot stop
Seven Firefox Plug-ins That Improve Online Privacy
MD5 hash vulnerability is expert's top Web security flaw
Virtualization Security Is Taking Longer Than Expected
Apache bug prompts update advice
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2010 Guardian Digital, Inc. All rights reserved.