FreeBSD bug gives local root privileges
Due to a bug in FreeBSD's kernel, local users can gain complete control over vulnerable systems. The vulnerability is located in the KTimes module which was, according the the FreeBSD developers, only introduced in version 7.0 of the free operating system.
The programming flaw in question is a missing range check on the ID of the timer to be used which can be exploited to cause integer overflow. The overflow allows an unprivileged process to overwrite arbitrary areas of kernel memory. Administrators should install one of the available patches immediately, recompile their kernel and reboot.
- FreeBSD-SA-09:06.ktimer, developers' advisory.