In association with heise online

24 March 2009, 13:35

FreeBSD bug gives local root privileges

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Due to a bug in FreeBSD's kernel, local users can gain complete control over vulnerable systems. The vulnerability is located in the KTimes module which was, according the the FreeBSD developers, only introduced in version 7.0 of the free operating system.

The programming flaw in question is a missing range check on the ID of the timer to be used which can be exploited to cause integer overflow. The overflow allows an unprivileged process to overwrite arbitrary areas of kernel memory. Administrators should install one of the available patches immediately, recompile their kernel and reboot.

See also:

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-740735
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit