Vulnerability in Kqueue on FreeBSD

    An independent Polish information security consultant, Przemyslaw Frasunek, discovered a bug in FreeBSD 6.0 - 6.4 that allows a local user to gain root. This was reported by the online publication http://www.theregister.co.uk.

    The bug, which belongs to the "race condition" category, was found by him in the event notification interface, Kqueue, and leads to an attempt to dereference a NULL pointer in kernel mode. This makes the hole exploitable: an attacker can get their own code (malware, etc.) executed by placing it on the memory page mapped at that address, 0x0.
    As Przemyslaw Frasunek himself reports, he notified the FreeBSD community about this bug on August 29, 2009, but it seems that for some reason his letter was not examined by the FreeBSD folks.

    It is funny (or rather, deplorable), and at the same time it is unclear exactly which versions of FreeBSD contain this bug. The article mentions versions 6.0-6.4, while the screenshot demonstrating the exploit in action shows it running under FreeBSD 7.2.

    As for the FreeBSD community, a corresponding reaction to this news has already followed.

    ps: the reference to
    pps: I am unable to move this to the FreeBSD blog on Habr because I do not have enough karma ;(
